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SUPPORT FOR LINUX 
CONTINUES TO GROW 

New tools, Asian influence, corporate 
sponsorship highlight LinuxWorld 



BY ALEX HANDY 

SAN FRANCISCO 
— Some of the 
biggest 



SDta 



names in 
the industry turned out at the 
LinuxWorld Conference and 
Expo held here at the Moscone 
Convention Center in early 
August, heralding a new era of 
corporate acceptance of the 
open-source operating system. 

More than 11,000 attendees 
were on hand, according to 
conference organizers, as were 
some new trends for the Linux 
industry. Chief among them is 
the acceptance in the business 



world that open- 
source software 
| can be a profitable 
business, albeit in 
more roundabout ways than 



many companies are used to. 

While some companies, such 
as ActiveGrid, maker of a 
LAMP-based server solution, 
offer their tools with no strings 
attached, they charge per-seat 
and per-server fees for service 
agreements and support con- 
tracts. Other companies, such as 
Funambol, maker of a mobile 
applications server, offer their 
► continued on page 21 



EJB Mapping 
Gets Go-Ahead 
From Eclipse 

Oracle leads; JBoss, SolarMetrics join 
effort to simplify data persistence 



BY JENNIFER DEJONG 

Oracle was expected to 
announce at the EclipseWorld 
conference in New York on 
Aug. 29 that its proposal to 
lead the EJB 3.0 Object-Rela- 
tional Mapping Project has 
been accepted by the Eclipse 
Foundation. The company 
also will announce that JBoss 
and SolarMetrics have joined 
the project. 



"We will work together to 
determine what the project 
will look like," said Oracle's 
director of Java tools, Dennis 
MacNeil. 

The project's goal is to cre- 
ate tools to build applications 
based on the EJB 3.0 specifica- 
tion (JSR 220), which aims to 
provide a simpler, less code- 
intensive way to persist objects 
► continued on page 14 
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The Eclipse EJB 3.0 Object-Relational Mapping Project plans tools that let 
Java developers deploy Enterprise JavaBeans to any Java EE application 
server with just a few lines of code. 



'Hey, You Got Tools in My Process' 

Agile project offerings look at integrating IDEs r methods 



BY JENNIFER DEJONG 

Agile and tools. Time was when 
those two words were never 
uttered in the same breath. 

Doing so would fly in the face 
of the "Manifesto for Agile Soft- 
ware Development," which pro- 
claims: "Individuals and interac- 
tions over processes and tools." 

But, increasingly, makers of 
software for managing agile 
projects are eyeing integration 
with the mega-IDEs, and 
Microsoft plans support for 
agile projects in Visual Studio. 

"In the early days of agile, 
only heretics used tools," said 



Liz Barnett, a Forrester analyst 
who follows agile development. 
But that is no longer true. 

Boulder, Colo. -based Rally 
Software recently released a 
beta version of a plug-in that 
lets teams using Rally Release 5, 
its software for managing agile 
projects, integrate with the 
Eclipse framework. The compa- 
ny is considering a comparable 
plug-in for Visual Studio, said 
Rally's vice president of product 
marketing, Richard Leavitt. 

"Some agilists will throw their 
arms up and say, The tool is 
forcing me to behave in this 
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manner,' " Leavitt said. But some 
degree of integration with IDEs 
makes sense, he added. The 
Web Services API for Reading 
and Updating Tasks lets develop- 
ers make changes in Eclipse and 
roll them up into reports gener- 
ated by Rally's software. 

Atlanta-based VersionOne 
does not provide a comparable 
plug-in. Asked if the company 
plans to do so, CEO Robert 
Holler said: "We are looking at 
integration. Potentially there's a 
touch point, but it's a loose touch 
point." He did not elaborate, but 
his view is in line with Rally's. 




Integration with agile project 
management offerings could be 
beneficial, from a rolling up and 
reporting standpoint, he said. 

AGILE VALUES STILL HOLD 

Even as they begin to embrace 
IDEs, agile project manage- 
ment players aren't parting 
ways with their agile values. 

"There is tremendous pres- 
sure from top management for 
visibility into software develop- 
ment projects," said Barnett. 
"Project management tools can 
provide that visibility. But they 
have to get the data from some- 
where." And the IDEs, particu- 
larly those geared to life-cycle 
management, can provide that 
data, she said. 

Development environments 
should lie beneath, not on top 
of, agile projects, said Holler. 
In the agile arena, the most 
important thing is flexibility, and 
enforcing agile methodologies 
in the IDE would dictate how 
development teams work. "And 
that, by nature, is not very 
agile," he said. 

► continued on page 16 
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ASP.NET Toolkit Targets Mixed-Environment Shops 

Source code lets developers customize connections to different data sources 



BY JENNIFER DEJONG 

Microsoft last month delivered 
a toolkit for Web developers 
working in mixed environ- 
ments, outlining how it will 
work with some of the features 
expected in the forthcoming 
ASP.NET 2.0. 

ASP.NET 2.0 Provider 
Toolkit (msdn.microsoft.com 
/asp. net/provider) is aimed at 
developers using Microsoft's 
Web technology in mixed com- 
puting environments, where 
Access, Active Directory and 
SQL Server aren't necessarily 
the norm. "What about user 
data sitting in other data 
stores?" asked Microsoft's Brian 
Goldfarb, product manager for 
Web platform and tools. "You 
don't want to throw away what 
you've got." 



The toolkit does not offer 
precoded connections to DB2, 
Oracle, MySQL or other 
non-Microsoft offerings. In- 
stead, it supplies the source 
code that shows how some of 
the new productivity features in 
ASP.NET 2.0 are implemented 
against the Microsoft Access 
database. By examining the 
source code, developers can 
create what Microsoft calls 
"custom providers," to work 
with any data store. "If you are 
connecting to an IBM main- 
frame, you can see how the 
connection was coded in Access 
and implement it on your own," 
said Goldfarb. Used throughout 
ASP.NET 2.0, the provider 
model lets developers plug in 
custom providers (or those 
offered by Microsoft) without 



having to alter the rest of the 
application accordingly, he said. 
"The front-end piece still 
works, even if I change the 
back-end data store." 

Microsoft has promised to 



deliver ASP.NET 2.0, a compo- 
nent of the .NET Framework 
2.0, in November, along with 
Visual Studio 2005 and SQL 
Server 2005. At that time, the 
company also expects to release 



additional toolkits, providing 
source code for using SQL 
Server, SQL Server Express 
and Windows Active Directory 
and Authorization Manager, 
Goldfarb said. I 



ASP.NET 2.0: THIS TIME IT'S PERSONAL 



Whether supplied by Microsoft or built by devel- 
opers, the ASP.NET 2.0 Provider Toolkit is 
intended for use with some of the new productiv- 
ity features planned for ASP.NET 2.0 that help 
personalize Web applications , including: 
Membership: Lets developers create, persist and 
maintain credentials for Web site users who have 
registered as members. Accomplishing that in 
earlier versions of ASP.NET reguired a lot of 
hand-coding, said Brian Goldfarb, Microsoft's 
product manager for Web platform and tools. 
Role Manager: Automates the process of switching 
content based on a Web site member's specified 



role. For instance, a news site may deliver free, gene- 
ric content to some members, while offering higher- 
value content, sold by subscription, to others. 
Profile: Simplifies the steps in tracking personal- 
ization information by creating a database that 
associates saved information with a particular 
user, and persists indefinitely. 
Web Parts: Essentially "encapsulated functional- 
ity" used to present information such as weather 
reports or movie listings that are tied to a par- 
ticular ZIP code, said Goldfarb. Users can posi- 
tion Web parts on the page, according to person- 
al preference. -Jennifer deJong 



With SAAS, Sales and Support Are the Same 



BY JENNIFER DEJONG 

In the traditional software 
market, sales and support are 
two separate functions. 

Companies license their 
commercial offerings, then 
typically look to local channel 
partners to deliver support. 

But that's not so in the 
emerging market for delivering 
software as a service (SAAS), 
where sales and support are 
tightly intertwined. Because 
customers pay on a per-user, 
per-month basis, delivering 
first-rate support is central to 



getting customers to renew. To 
date, that has left resellers 
largely out of the game. 

"Most SAAS providers are 
selling direct, so support is pro- 
vided directly, too," said IDC 
analyst Amy Konary. The estab- 
lished reseller channel isn't 
really set up to handle the sub- 
scription-based model. "They 
are used to being compensated 
upfront for Great Plains 
[Microsoft's accounting soft- 
ware], which could cost 
US$250,000— not getting $400 
a month for a service," she said. 



But if the SAAS market is to 
realize predictions for growth, 
that has to change. "Direct sales 
force and telesales can only 
scale so far," she said. 

FEWER CRIES FOR HELP 

To keep customers renewing, 
you have to show them as much 
support as possible, said Rosie 
Hausler, vice president of mar- 
keting for Pleasanton, Calif. - 
based Nsite, which delivers its 
workflow automation software as 
a service. "The recurring model 
behooves us to be responsive." 



A SLIGHTLY BIGGER PIECE OF THE PIE 



U.S. software on-demand delivery (software delivered as a service) revenue share 
of total software revenue: 



2004 



2009 



On-Demand 

Delivery 

1.5% 




Demand 
Delivery 
- 3.8% 



U.S. Total Software Revenue: 
$96.13 Billion 



U.S. Total Software Revenue: 
$129.95 Billion 



Source: IDC 



One thing that has helped 
that effort is that hosted appli- 
cations are inherently easier to 
support than software that is 
sold upfront. Companies that 
opt for the traditional sales 
model are forced to support 
several versions simultaneously, 
but at any given time SAAS 
providers support only one 
release, said Susan St. Ledger, 
senior vice president of global 
services at San Francisco-based 
Salesforce.com, which sells cus- 
tomer relationship manage- 
ment software by subscription. 
"There are deep support costs 
associated with older versions," 
she said. Another advantage: 
Because customers aren't run- 
ning the software on their own 
servers, they don't call as often. 
In the traditional software mod- 
el, a large percentage of sup- 
port calls arise from problems 
associated with operating soft- 
ware on the server side, St. 
Ledger explained. 

And when SAAS users do 
pick up the phone, it's easy for 
support reps to zero in on their 
computer screens. "It's two min- 
utes for me to log into their 
account and see what they are 
seeing," said Peter Cervieri, 
senior vice president of 
ScribeStudio, a New York-based 
company that delivers a SAAS 
offering for authoring training 
and education applications. 



PROACTIVE PLANS 

Most SAAS providers offer sev- 
eral levels of support, said 
IDC's Konary. The first line of 
defense, typically included in 
the subscription price, includes 
Web-based resources, such as 
answers to frequently asked 
questions, and basic phone sup- 
port, where customers can ask 
support reps straightforward 
how-to questions, such as how 
to create a report, said Sales- 
force. corn's St. Ledger. More 
advanced queries, such as how 
to integrate with a customer 
database, typically involve paid 
contracts, she said. The highest 
level of help is likely to include 
round-the-clock phone sup- 
port, as well as proactive mea- 
sures on the providers' part, 
such as calling customers to see 
if they have any concerns. 

SAAS providers keep costs 
in check by addressing the 
most common needs before 
they arise. For instance, Nsite 
provides precoded snippets 
that make it easy to connect 
Nsite's workflow automation 
software to Salesforce. corn's 
CRM offering, or to that of its 
competitor, Siebel CRM 
OnDemand. "We make the 
integration easy," said Hausler. 
To stay ahead of the game, 
Salesforce.com analyzes sup- 
port calls to see which ques- 
► continued on page 24 
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Orion: Platform Gives Developers License 



BY DAVID RUBINSTEIN 

Around-the-clock operations 
support, scalability to 5 million 
users, and APIs that enable rapid 
integration into Java and .NET 
applications are among the new 
features of Orion 2.0, the Inter- 



net-based network licensing 
platform from Santa Clara-based 
Agilis Software that will be 
released later this month. 

The Orion platform offers 
product and feature activation 
control, floating license setup, 



license key distribution, soft- 
ware asset tracking and report- 
ing to allow software vendors to 
see how their software is actual- 
ly being used within an organi- 
zation, and for the organization 
itself to make better-informed 



decisions on future software 
licensing, according to Dominic 
Haigh, vice president of busi- 
ness development at Agilis. 
Orion runs on any Java applica- 
tion server. 

The platform also comes 




with the Orion Proxy Server, 
which can be used in applica- 
tions that have no Internet 
access, or in organizations that 
have secure networks and which 
must communicate through a 
"demilitarized zone," said Vinay 
Sabharwal, who is both CEO 
and CTO of Agilis. 

"The Proxy Server can relay 
license requests back and forth 
to the outside world through a 
DMZ, which is usually a limited 
number of machines with both 
internal and external access," he 
explained. 

Sabharwal said this capabili- 
ty separates Orion from other 
product licensing solutions. 
"We didn't have to adopt new 
technologies into an older 
architecture," he said. 

Internet-based license acti- 
vation, Haigh said, provides ven- 
dors with flexible business mod- 
els and the ability to track how 
their products are being used, 
while giving customers conve- 
nience without being intrusive. 
The platforms order manage- 
ment system uses an API to con- 
figure a license in Orion, includ- 
ing what period of time the 
license covers and which fea- 
tures of the software need to be 
activated, he explained. A serial 
number is sent to the desktop, 
which the user is prompted to 
input at activation. Each time 
the application runs, it interro- 
gates a local key to learn its lim- 
its, Haigh said. 

"Under the covers, Orion 
generates a key kept on the 
local machine," added Sabhar- 
wal. "The user can deactivate it 
on one machine and activate it 
on another," locking the appli- 
cation out on the first machine, 
he noted. 

Another key differentiator, 
Sabharwal said, is that the net- 
work license server within Orion 
allows ISVs to set up anonymous 
or named-user licenses to 
change access to software fea- 
tures by role. A user can be a 
desktop machine, a terminal 
server or a browser host address, 
he said. 

Further, there is no "heart- 
beat" between the application 
and the service, another funda- 
mental difference from other 
solutions, he said. "We store the 
record on individual users in 
the license server. When the 
license is checked out, it is 
maintained in persistence on 
the license server." Users can 
choose to use overdraft protec- 
tion to continue working in cas- 
es where connectivity to the 
server is lost, he added. I 
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Patterns Designed to Deliver the Message 

New IBM offerings aim to help with building, managing an enterprise service bus 



BY JENNIFER DEJONG 

IBM has designed six new mes- 
saging patterns that may eventu- 
ally make their way into its soft- 
ware development platform. 



The company released on its 
developerWorks resource site 
last month WebSphere Plat- 
form Messaging Patterns Asset. 
The set of six patterns takes 



advantage of the messaging 
engine included in WebSphere 
Application Server 6.0 to pro- 
vide an easier way to build, con- 
figure and manage an enter- 



prise service bus, said Angel 
Diaz, IBM's director of on- 
demand development. 

Essentially a means of 
imparting best practices, pat- 
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terns are reusable assets that 
allow one developer to success- 
fully repeat a design that 
already has been built by 
another. They aim to provide 
solutions to recurring problems 
that developers face, such as 
how an application gets to a 
database, or how it locks out 
resources, explained Grant 
Larsen, a model-driven devel- 
opment specialist at IBM. 

Patterns often take the form 
of paper-based designs. But 
because the new messaging pat- 
terns are aimed at software 
architects modeling the messag- 
ing piece of an application, they 
have been encoded as models 
based on the Unified Modeling 
Language, he said. There are 
patterns for JMS message han- 
dling, message logging, XSLT 
transformation, event sequenc- 
ing and for configuring bus and 
JMS resources on WebSphere 
Application Server 6.0, accord- 
ing to IBM s site. 

Because the UML-based 
patterns are designed to be 
used in Rational Software 
Architect (part of the role- 
based Rational Software Devel- 
opment Platform), they can 
generate code, which develop- 
ers can incorporate in an appli- 
cation, Larsen said. 

To access the patterns, 
developers can download 
Rational Software Architect 
(www.ibrn.com/developerworks 
/downloads/r/rswa) and con- 
nect to the Rational XDE 
Repository. I 



TEST PATTERNS 



Message Delegate: Creates a 
client to send a message over 
Java Message Service. 

Message Logger Mediation: 

Logs messages into a data- 
base for auditing purposes. 

XSLT Mediation: Provides code 
written in XSLT to transform 
messages from one format to 
another. 

Mediation List Handler: Seguen- 
ces events that must occur. 

Service Integration Bus: Con- 
figures bus resources on Web- 
Sphere Application Server 6.0. 

JMS Connection: Configures 
JMS resources on WebSphere 
Application Server 6.0. 

Source: IBM 
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Static? Dynamic? Binary? What Should You Test for 



BY DAVID RUBINSTEIN 

Is static source-code analysis 
the best type of security vulner- 
ability testing? Should binary 
analysis be done only on third- 
party software, for which the 



team likely has no access to the 
source? Is dynamic analysis 
something that occurs too late 
in the development life cycle to 
be cost-effective? 

The job of making sure 



applications cannot be exploit- 
ed has been moving from the 
network administrators up to 
quality assurance and develop- 
ment, so different tactics need 
to be employed by each of the 



roles. "Dynamic analysis applies 
to QA," said Erik Peterson, 
director of product manage- 
ment at SPI Dynamics. "In 
development, [static analysis] 
lets developers dig in to look at 
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code and other aspects of an 
application to see the security 
posture from that perspective." 

ANALYZE THESE 

The most common types of 
analysis vendors and analysts 
describe are binary, static, run- 
time and dynamic. However, 
there is confusion as to what 
these mean; often, the analysis 
of an application as it is running 
will be called binary, runtime 
and dynamic analysis. 

Binary analysis means the 
analysis of compiled, not 
assembled, code, or of an exe- 
cutable when the source code is 
not available, such as when 
companies wish to do security 
vulnerability tests on third-par- 
ty software, according to Jerry 
Brady, chief technology officer 
at Secure Software. 

Static analysis looks at the 
source code, providing the 
complete picture of the applica- 
tion but also pointing up flaws 
in code that won't really nega- 
tively impact the application. 
SPI Dynamics' Peterson went 
on to describe runtime analysis 
as performance analysis, watch- 
ing data flow through the appli- 
cation, for example, to measure 
response times and checking on 
the data flowing in and out of 
memory and registries. He 
called dynamic analysis the 
real-world probing of applica- 
tions with requests against the 
application's "attack surface." 

Brady acknowledged that 
vendors need to do a better job 
of instructing the industry as to 
which type of analysis is best at 
which point in the life cycle. 
"The information security indus- 
try has had a tendency to be dis- 
connected from software devel- 
opment," he acknowledged. 

Secure s director of product 
management, Dale Gardner, 
said his company is moving 
away from providing binary 
analysis, noting that their cus- 
tomers did not see that as a pri- 
ority. Brady agreed with this 
trend, saying, "In the last three 
to five years, almost all com- 
mercial vendors have changed 
their licenses regarding reverse 
engineering," which gives users 
of that software the ability to 
test or exercise the application 
by effectively duplicating it. 

He is of the mind that ven- 
dors want to do their own testing 
so they can focus development 
efforts on new software with new 
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Security Leaks, and When? 



revenue streams and not have to 
retain so large a maintenance 
staff to work with people in the 
field who have uncovered bugs. 
Letting their customers dig in to 
the software results only "in 
lumpy labor costs and bad 
press," Brady said. 

Also, he said, the focus on 
vulnerability remediation has 
shifted more toward software 
that moves money or data — an 
area into which organized 
crime has reportedly been 
heading — and away from com- 
modity software that tends not 
to be cash-rich. 

SPI Dynamics believes that 
developers should do static 
analysis to determine the true 
boundaries of an application, 
and to determine if any back 
doors have been left, for exam- 
ple, and then use dynamic analy- 
sis to prove they exist. "If you 
had 100 different developers, 
they would code an application 
100 different ways," Peterson 
said. "A static tool tells them, 
Trust me. This code is bad.' " 

Secures Brady pointed out 
that it's too expensive to try to 
fix all the vulnerabilities that 
could be found in dynamic 
analysis. If you do static analysis 
correctly, he maintained, you 
should get to a staging phase 
when all dynamic testing is for 
assurance. "If the first time you 
catch a problem is in dynamic 
analysis, you've got cost prob- 
lems," he said. 

J NO SINGLE BULLET' 

Microsoft, long considered the 
poster child of vulnerable appli- 
cations, in March updated a 
paper called "The Trustworthy 
Computing Security Develop- 
ment Lifecycle," which sprang 
from the infamous Trustworthy 
Computing speech delivered by 
Bill Gates in 2002. Essentially, 
Microsoft believes security is 
something that needs to be 
thought of during design, cod- 
ing and testing of software, and 
that it must be easy and have 
senior-level buy-in to be done 
effectively. "We have found that 
there is no single silver bullet" 
for dealing with security, said 
Eric Bidstrup, a member of 
Microsoft's security team. 

Visual Studio 2005 will have 
a number of new tools to help 
developers deal with applica- 
tion security, including MSF 
Agile, for creating project poli- 
cies such as requiring static 



analysis every time code is 
checked in to the repository. 
"We're trying to bake in some 
best practices," said Microsoft 
product manager Rick Samona. 
Other tools will include FX 



Cop for scanning managed code 
for possible breaches such as 
SQL injections; PreFast, which 
scans C + + applications for 
buffer overruns, memory leaks 
and uninitialized variables; 



Application Verifier, which scans 
native C/C++ code at runtime 
looking for heaps, handles and 
locks; and GS Switch, which is 
now on by default to break out of 
an application if a cookie buffer 
is changed, Samona said. Micro- 
soft also will provide safe CRT 
libraries, he added. 

As for dynamic or static 



analysis, Samona said, "Security 
checks should be applied at dif- 
ferent points of the application 
life cycle. We've spent time and 
energy raising awareness inter- 
nally over [such things as] priv- 
ileges and rights [to handling 
code]. It's a lesson we've 
learned the hard way... how to 
think about testing." I 
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As Eclipse Evolves, Better C/C++ Tools Emerge 



Project delivers automated builds, code completion, refactoring 



BY JENNIFER DEJONG 

As the Eclipse C/C++ Develop- 
ment Tools project progresses, 
its beginning to offer features 
found in Java tools. 



The Eclipse Foundation was 
expected to unveil last month an 
updated version of the CDT pro- 
ject. CDT 3.0 eliminates the 
need for developers to write 



Makefiles, and delivers capabili- 
ties such as code completion and 
refactoring, which are common- 
place in Java tools, said Sebastien 
Marineau, CDT project leader 



and senior software architect at 
Ottawa-based QNX Software 
Systems. "We have done a lot of 
work on the foundation." 

CDT 3.0 includes a refactor- 



"We deeply regret 
this incident" 
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Employment insurance- from Red Gate Software 



ing that lets developers rename 
classes and methods without 
having to manually fix every 
piece of code affected by the 
change. Also new is the ability to 
type in the name of a function 
and hit a hot key for code com- 
pletion, and to click on a variable 
that jumps to a file where it is 
defined, he said. A future release 
will offer additional refactorings, 
as well as the ability to find and 
fix errors in source code. 

Such features are made pos- 
sible by an underlying change to 
CDT. "We integrate the compil- 
er [Intel or GNU Compiler Col- 
lection], take in the source code 
and parse it to understand the 
syntax," said Marineau. "The 
tool has a better understanding 
of what the developer is doing." 
Because CDT lets developers 
specify which compiler they are 
using when they create projects, 
they no longer need to manage 
the build process manually. 
Marineau said that when devel- 
opers are ready to do the build, 
"they say, 'Here's my project. 
Here's my source file. Go off 
and build it for me.' " I 

Validian SDK 

Addresses 

Security 

BY JENNIFER DEJONG 

Application-level security de- 
veloper Validian last month 
released a software develop- 
ment kit designed to work with 
its development platform. 

Used in tandem with Validian 
ASI, SDK 1.0 lets developers 
who lack security expertise write 
in C++ messaging applications 
that are inherently secure from 
an authorization and encryption 
standpoint, said Mark LeGuerri- 
er, Validian's vice president of 
technology. 

The Ottawa-based company 
also announced an update to 
Validian ASI. The new version, 
1.2, adds better support for man- 
aging cryptographic keys, used to 
unlock documents that have 
been secured, and for multiple 
tokens, which are used for 
authentication. 

The two offerings, aimed 
primarily at ISVs, enable devel- 
opers to incorporate secure 
messaging at the application 
level, he explained. Such capa- 
bilities are typically added after 
the fact. 

The company plans to deliv- 
er Java editions of its offerings 
next year, said LeGuerrier. I 
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VMware Will Give Partners Virtual Access 

By opening certain source code, company hopes to drive virtualization standard 



BY DAVID RUBINSTEIN 

Virtualization software compa- 
ny VMware has announced 
plans to support Linux and 
Solaris x86 operating systems, 
and says it hopes to create 
a standard for virtualization 
software by releasing some of 
its source code to strategic 
partners. 

With the new operating sys- 
tem support, enterprises now 
will be able to manage Linux, 
NetWare, Solaris x86 and Win- 
dows virtual machines from the 
same host platform. 

"With more options avail- 
able, customers can transition 
a larger portion of their data 
center workloads to a virtual 
infrastructure and thereby 
benefit from the proven ROI 
of a virtual operating environ- 
ment," Jeffrey Engelmann, 
executive vice president of 
marketing at VMware, said in 
a statement. 

VMware will share source 
code and interfaces for its 
ESX Server software with 
chip maker Advanced Micro 
Devices, network infrastruc- 
ture provider Cisco Systems, 
and also with HP, IBM and 
Red Hat, among others. Under 
the terms of the code release, 
those partners will be able to 
change the code for use in 
their products but will not be 
able to give away VMware's 
engine. 

Also, VMware is hoping 
these partners, under a new 
program called VMware Com- 
munity Source, will help 
establish the product's future 
direction. 

Some analysts see the move 
as a preemptive strike against 
Microsoft, which has indicated 
that it could include similar 
virtualization software in Win- 
dows Vista. Microsoft pur- 
chased Connectix, which com- 
peted with VMware in the 
desktop part of the virtual- 
ization market; its product 
is now called Microsoft Virtual 
PC. 

SOLARIS GOES VIRTUAL 

Sun Microsystems announced 
at the LinuxWorld Conference 
in San Francisco last week that 
it will include VMware's virtual- 
ization capabilities on its Sun 
Fire servers, and that Solaris 
10, its Unix operating system, 
will be included in future 



VMware products as a target 
operating system. 

"Virtualization opens the 
network and liberates the cus- 
tomer to implement server con- 



solidation, respond faster with 
virtual infrastructure and dra- 
matically improve and lower 
the cost of disaster recovery," 
said Sun vice president of part- 



ner marketing Stephen Borcich 
in a statement. 

Sun will resell VMware 
ESX and GSX server software 
and VMware Workstation with 



its servers, allowing organiza- 
tions to run multiple operat- 
ing systems on the same 
hardware, thereby increasing 
server utilization. I 
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An Excel-compatible server component is available from Spreadsheet- 
Gear. The company has released the first beta of SpreadsheetGear 
for .NET, which runs on both 32-bit and 64-bit .NET, and plugs 
into VS.NET 2003 and Visual Studio 2005. The software costs 
US$499 per developer, and does not have runtime royalties . . . Tula- 
Soft is offering SQL Examiner, a utility that can compare and syn- 
chronize different database versions. The US$199 software, which 
runs on Windows, will highlight the differences between live databases, 
and provides tools for updating all or part of the databases by gener- 
ating SQL scripts . . . BEA Systems has shipped Aqua Logic Service 
Bus 2.0, which previously was code-named Quicksilver. The new 
enterprise service bus is designed to work with BEA's application and 
integration servers . . . Absoft is offering a High Performance SDK for 
Opteron Linux Clusters, which incorporates 
PathScale's 64-bit Fortran and C++ compil- 
ers, as well as Absoft's debuggers, math libraries and other develop- 
ment tools. Pricing is based on the size of the cluster and the number 
of concurrent users ... NT Objectives has launched Application 
Security Assurance Program, a consulting service to help developers 
discover and remediate Web application vulnerabilities, as well as 
implement processes, procedures and best practices to permanently 
address Web site security risk. ASAP combines the company's securi- 
ty assessment products and its training and consulting services 
. . . Corda Technologies has launched CenterView, a system for build- 
ing executive dashboards for corporate managers. The software can 
visually highlight trends, variations and exceptions 
in business data; the charts and graphs can be 
drilled down to provide more detailed information or 
, for navigation. It also can serve as a graphics inter- 
face for business intelligence platforms, databases and Excel spread- 
sheets. CenterView works with relational databases, flat files, spread- 
sheets and portals. Reports can be viewed on desktop clients, 
browsers or smart phones . . . JasperSoft is now offering JasperRe- 
ports DBA Dashboard for MySQL, an open-source tool that lets 
developers and administrators monitor database performance, plus 
identify problems in MySQL servers. 



UPGRADES 
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Extentech has released version 4.1 of ExtenXLS, a Java API that cre- 
ates Excel-compatible spreadsheet reports from any data source. 
ExtenXLS lets users execute queries, 
populating the resulting values into 
the appropriate cells in the spreadsheet file. The new release offers 
performance improvements, bug fixes and support for dozens of new 
financial formulas. The component costs US$995 per server proces- 
sor; this includes one test or development seat . . . AdventNet has 
updated its ManageEngine Applications Manager, a tool that man- 
ages Web servers and applications. Version 6.0 supports AIX and Web- 
Sphere 6, and also adds script monitoring capabilities for Linux and 
Windows. Pricing ranges from a free version that can monitor five 
applications up to US$9,995 for an unlimited license . . . Version 6.1 of 
Cape Clear Software's enterprise service bus software, called Cape 
Clear, adds support for Internet messages using the WS-ReliableMes- 
saging specification. It also extends its JMS capabilities to work with 
implementations from BEA, IBM, JBoss, Oracle, Sonic and TIBCO. The 
new middleware also includes an optional integrated version of the 
JBoss JMS and has improvements to its BPEL support 
. . . Acucorp has updated its COBOL server 
software. Extend 7 enhances interoperability 
with Java, making it possible to call COBOL 
from Java, and to call Java from COBOL. It also lets C++ programs call 
COBOL, expands support for distributed IBM CICS applications and 
improves compatibility with other COBOL dialects . . . Lokas Software 
has released AWInstall 4.0, an upgrade of its Windows installer suite. 
The new release, priced at US$99 per seat, expands the tool's .NET 
capabilities to check the version of the .NET Framework, and can reg- 
ister assemblies into the Global Assembly Cache . . . Database devel- 
oper 4D has shipped 4th Dimen- ► continued on page 26 
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Jet Brains Adds 
Web Savvy to IntelliJ 

IDE supports JavaScript, JSP 2.0, mobile development 



BY JENNIFER DEJONG 

When it comes to Web author- 
ing tools, JavaServer Pages and 
mobile development, IntelliJ is 
getting smarter. 

The Prague, Czech Repub- 
lic-based JetBrains last month 
released 5.0 of IntelliJ IDEA. 
Chief among the changes in 
this release is the ability to use 
Cascading Style Sheets, Java- 
Script and HTML from within 
the IDE, said company presi- 
dent Eugene Belyaev. "We have 
created an authoring environ- 
ment where developers can use 
HTML, CSS, JavaScript and 
server-side Java, all within the 
same file." 

Used in IntelliJ, all three 
Web technologies support error 
detection, code completion, 
refactoring (which improves 
code design) and other capabil- 
ities that IntelliJ developers 
have become accustomed to, he 
said. Such improvements are a 
boon for developers because 
dynamic languages, such as 
CSS and JavaScript, are notori- 
ously difficult to check. 

"You never know what envi- 
ronment they will run in," said 
Belyaev. Languages like Java are 
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New to IntelliJ 5.0 is support for mobile development. This shows the 
settings dialog for configuring Java ME applications for building. 



compiled, which means the 
compiler can check for errors, 
he explained. 

IntelliJ 5.0, which costs 
US$499 per license, supports 
JavaServer Pages 2.0. The jump 
to JSP 2.0 is important, because, 
unlike JSP 1.1, 2.0 is purely 
XML-based, which means it can 
be analyzed by tools and servers, 
noted Belyaev. Support for Java 
ME, the micro edition of the 
Java 2 development platform, 
lets developers set up the neces- 
sary mobile Java development 
kit and test and debug their 
code, running it against various 



phone emulators, he said. 

Improved code inspection 
capabilities let developers 
detect unused classes, methods 
and fields, for example, or find 
code that might lead to prob- 
lems such as an if statement 
that is never executed. 

Also new is the ability to 
import projects created in 
Eclipse and Borland's JBuilder, 
and support for the Perforce 
SCM and the open-source Sub- 
version version-control systems, 
in addition to Borland's 
StarTeam, Microsoft's Source- 
Safe and the open-source CVS. I 



Eclipse Green-Lights EJB 3.0 Mapping 



< continued from page 1 

to relational databases. The 
specification, which has not yet 
been finalized by the JCP, will 
eliminate the need to write 
lengthy deployment descrip- 
tors, which are application- 
server specific. By using meta- 
data, EJB 3.0 will enable 
developers to deploy an Enter- 
prise JavaBean to any applica- 
tion server with a couple of 
lines of code, said MacNeil. 
"It's a huge advance in simpli- 
fying development." 

In the Java community, 
there has been a rift as to how 
to do data persistence. BEA 
Systems, IBM and Oracle have 
been opposed to extending the 
object-based Java Data Objects 
specification, saying it was dif- 
ficult for Java programmers to 
implement, while Sun Micro- 
systems has supported it, citing 
its loyal following. Of the four, 
only Sun voted in favor of Java 



Data Objects 2.0 (JSR 243), in 
April 2004, according to the 
Java Community Process Web 
site. 

Sun has since backed 
EJB 3.0, a container-based 
approached to data persistence, 
co-leading with Oracle the JSR 
220. "The EJB/JDO war is 
behind us," said MacNeil. But 
according to the EJB/JDO Per- 
sistence FAQ, published on the 
Sun Developer Network Web 
site, JDO is not going away. 
"JDO will continue to be sup- 
ported by a variety of vendors 
for the indefinite future.... 
However, we expect that over 
time JDO developers and ven- 
dors will shift their focus to the 
new persistence API." 

The Eclipse project will 
focus solely on creating EJB 
3.0 tools, not on the applica- 
tion server they are deployed 
on, he said. The project will 
get under way with an essen- 



tially clean slate. While all 
three players offer object-rela- 
tional mapping tools for Java, 
none has donated code to the 
project. "We could have just 
said, 'Here's TopLink,'" said 
MacNeil, referring to Oracle's 
offering. "But we wanted to 
collaborate, to build some- 
thing from the ground up." 
JBoss and SolarMetrics pro- 
vide the Hibernate Mapping 
Editor and Kodo Develop- 
ment Workbench, respective- 
ly. Both companies are mem- 
bers of the JSR 220 EJB 3.0 
expert group, which Oracle 
co-leads with Sun. 

MacNeil said Oracle is pur- 
suing other companies to join 
the Eclipse EJB project, but 
he did not identify them. He 
also noted that Oracle recently 
proposed two additional 
Eclipse projects: JavaServer 
Faces Tooling Project and The 
BPEL Designer Editor. I 
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Combining Methodologies, Tools for Agile Projects 



< continued from page 1 

With good support, an IDE can 
speed up the writing of code, said Jeff 
Nielsen, chief scientist at Herndon, Va.- 
based Digital Focus, which provides 
agile training and consulting services. 
"But tools can drive you in the way that's 
counter to the agile value system," he 
said. And if tools replace teamwork and 
communication, agile people won't like 
that, added Rally's Leavitt. 

VISUAL STUDIO GETS AGILE? 

Even if agilists like Microsoft's new agile 
offering, they aren't likely to see it as 
agile. The company plans to offer with 
Team System, the life-cycle edition of 
Visual Studio expected in November, a 
plug-in template that provides what 
Microsoft calls "process guidance" for 
teams that choose to make use of it. 
Microsoft Solutions Framework for 
Agile Software Development tells the 
IDE how to behave, said Microsoft's 
Bindia Hallauer, a senior product man- 
ager for Team System. 

"I develop my code and try to check 
it in," she said. "But the tool will tell me, 
you have to write unit tests first." And it 
takes a step beyond that, she said, offer- 
ing how-to advice on creating unit tests, 
for example. 
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view, agile isn't an all-or-nothing 
approach. "In the real world, 
most agile processes supplement 
existing processes," said Hal- 
lauer. "No one process fits all 
scenarios." What's more, Micro- 
soft is not advocating agile soft- 
ware development methods over 
other approaches. The company 
plans a process template guide 
for Team System, for teams 
implementing Capability Matu- 
rity Model Integration, a process 
improvement approach devised 
by the Software Engineering 
Institute at Carnegie Mellon 
University (see sidebar). In addi- 
tion, Team System is designed 
to let enterprise development 
teams — or third-party vendors — 
create their own process guid- 
ance templates, she said. 



Microsoft's MSF for Agile puts process in Visual Studio Team System. 



Source: Microsoft 



VersionOne's Holler characterized 
MSF for Agile as "a lightweight overlay 
on Microsoft's comprehensive infra- 
structure," and said it may be useful for 
a team taking its first steps away from 
traditional waterfall development, 
toward agile. "But will it make teams 



truly agile? You can try, but you are real- 
ly just settling," he said. While it's great 
to see Microsoft embracing agile con- 
cepts, Rally's Leavitt said, MSF for Agile 
is really about "process enforcement," 
not implementing an agile methodology. 
Microsoft does not disagree. In its 



DON'T SAY THE M WORD 

"Guidance" is the operative word for 
Microsoft, said Forrester's Barnett. 
"They are reluctant to use the M word 
[for methodology]." MSF for Agile is not 
an agile methodology, she said. It is 
Microsoft's answer to the Rational Uni- 
fied Process, IBM's software develop- 
► continued on page 17 
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CMMI AND AGILE? SAY IT ISN'T SO 




Agile is all about being adap- 
tive. CMMI aims to make 
processes more predictive. 

So, what on earth do they 
have in common? 

"More than they want to 
admit," said Richard Leavitt, 
vice president of product mar- 
keting for Rally Software, which 
makes software for managing 
agile projects. Both seek to 
provide a disciplined approach 
to developing software, he 
said. "But people can argue they care to admit, 
that they are diametrically says Rally's Leavitt. 
opposed." 

Capability Maturity Model Integration 
is a process improvement approach 
developed by the Software Engineering 
Institute at Pittsburgh-based Carnegie 
Mellon University. Its goal is to replace 
the informal, haphazard approach to 
developing software, which often delivers 
too little, too late, with a formal, more 
predictive model. 

CMMI is a framework that aims for 



CMMI and agile have 
more in common than 



controlled, repeatable pro- 
cesses, noted Leavitt. Agile is 
an umbrella term that en- 
compasses half a dozen soft- 
ware development method- 
ologies, including Adaptive, 
Crystal, Extreme Program- 
ming and SCRUM. The differ- 
ences among the individual 
agile methodologies are sub- 
tle, and all propose iterative 
development. 

By contrast, CMMI aims for 
auditable processes. There's a 
compliance aspect to it, said 
Microsoft's Bindia Hallauer, a 
senior product manager for Team Sys- 
tem, the forthcoming life-cycle edition of 
Visual Studio, noting that many govern- 
ment agencies and defense contractors 
mandate CMMI conformance. Microsoft 
plans to include MSF for CMMI-which 
extends its MSF for Agile offering for 
teams that opt for CMMI-in Team Sys- 
tem, she said. 

-Jennifer deJong 



< continued from page 16 

ment methodology that is implemented 
in, and closely tied to, the company's 
software development platform. IBM 
sees RUP as an agile methodology, said 
Per Kroll, a development methods 
strategist at IBM Rational. But many, 
including Barnett, do not. 



She also disagreed with those in the 
agile camp who claim that RUP and MSF 
for Agile force developers to work a cer- 
tain way. "I don't think they force you to 
conform at all," she said. 

In any case, software development is 
a creative process, said Kroll. "No tool 
can help you be more creative." I 
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"Companies that are seeking to put 
processes in place for managing chanr 
should place Serena's offerings 
at the top of their list." 



~ Analyst firm Ovum research directors Clive 
Burrows and Ian Wesley, New Industry Report 
on Configuration Management Solutions. 



Download the New Industry Report on SBrena's Enterprise Changa 
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Apache OKs IBM Speech Initiative 



BY JENNIFER DEJONG 

IBM's open-source Reusable 
Dialogue Component initiative 
has gained status as a full- 
fledged project at the Apache 
Software Foundation, the com- 
pany announced at the 



SpeechTEK conference last 
month in New York. 

"It has moved out of the 
sandbox," said Brian Garr, 
IBM program director for 
conversation access solutions, 
referring to Apache's incuba- 



tor program, through which 
new projects enter. 

IBM also announced that 
three of its partners — Audium, 
Fluency and Openstream — 
have voiced support for the pro- 
ject by donating RDCs, precod- 



ed speech snippets that elimi- 
nate the need for developers to 
acquire voice user interface 
skills, said Garr. They let devel- 
opers speech-enable applica- 
tions to "converse" with end 
users. Each RDC provides the 
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voice user interface for a basic 
function, such as getting a name, 
address, city, state or country, as 
well as credit card numbers, 
dates and currency, he said. But 
he did not specify what func- 
tions each partner's offering 
addresses. 

IBM launched the RDC ini- 
tiative last September. Devel- 
oped by IBM Research, RDCs 
are JavaServer Page tags that 
generate VoiceXML at runtime. 
VoiceXML is the W3C standard 
for specifying voice dialogues 
between humans and comput- 
ers. IBM WebSphere Voice 
Server is based on VoiceXML, 
while Microsoft's Speech Serv- 
er relies on the competing 
Speech Application Language 
Tags (SALT) standard. I 

Kode 1.0: 
IDE for Many 
Languages 

BY DAVID RUBINSTEIN 

A new multiplatform, multilan- 
guage development environ- 
ment has been released by 
theKompany.com, which hopes 
a very low price point and ease 
of use will be enough to differ- 
entiate it from the myriad other 
IDEs already on the market. 

Kode 1.0 will sell for 
US$39.95 per seat, according to 
Shawn Gordon, president of the 
Rancho San Margharita, Calif. - 
based company. "We've got sup- 
port for a huge list of languages," 
Gordon said, citing C/C++, Java, 
Perl, Python, Ruby, Ch, TeX, 
SQL and many variations, as well 
as Web-related languages like 
HTML, DTML, PHP, CFML 
and JSP, plus XML. 

Gordon said few developers 
creating Web apps connected 
to back-end systems touch only 
one language anymore. Provid- 
ing support for all these lan- 
guages in one IDE is "all about 
a comfort level," he said. 

Kode 1.0 allows what Gordon 
called arbitrary configuration of 
builds or Makefiles, so that users 
can specify an interpreter for 
scripts or launch a compiler 
when needed. 

The next release, which 
Gordon said is coming soon, 
will integrate with the CVS and 
Subversion version control sys- 
tems, and include debugging 
and database wizards, which 
will automatically generate 
intermediate XML files and 
convert them to the appropriate 
language code. I 
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LinuxWorld Goes Corporate, Global 



< continued from page 1 

tools for free, provided they are 
utilized in open-source projects, 
while their use in closed-source 
projects incurs a fee. 

Many companies used Linux- 
World as an opportunity to open 
up their own projects to the 
community at large. IBM 
offered some of its newest code 
to open-source developers, 
including a tool for rapidly 
searching databases by "key 
facts," and VMware said it 
would make its source code 
available to its business partners, 
though not to the public at 
large. Such caveats were exem- 
plary of the numerous, and 
often-times disingenuous, moves 
to open source. 

With software patents 
weighing heavily on the minds 
of many in the community, 
Open Source Development 
Labs announced the creation 
of the "patent commons" pro- 
ject, which it hopes will 
become a repository for 
patents made available to 
open-source developers. 

One company that has 




Beijing. A.sfoM.i mix Cu|»l 







One of this year's trends was the appearance of a number of Asian Linux 
projects and associations on the show floor. 



released numerous patents to 
open source is IBM, which 
announced its Grid and Grow 
platform. The initiative is 
designed for midsized and large 
businesses in need of expand- 
able grid computing solutions. 
IBM also announced the 
advancement of its Workplace 
software, aimed at midsized 
businesses in need of Linux- 
based communication and col- 
laboration software. 

Redwood Shores, Calif. - 



based Gupta Technologies 

led the cross-platform develop- 
ment charge with its announce- 
ment of Team Developer 
2005.1. This new revision offers 
enhanced support for MySQL, 
and new OOP-to-XML inter- 
faces. This new edition also 
includes an updated version of 
the company's popular Report 
Builder software. 

MySQL AB was on hand to 
announce its extended part- 
nership with Novell and to 



boast about its expanded adop- 
tion in database-driven Web 
applications. Novell, in turn, 
announced that it would begin 
offering openSUSE, a free and 
open-source version of its pop- 
ular Linux distribution. 

Funambol, a Silicon Valley 
start-up, hawked its support 
options for the Sync4j software 
project. The company has con- 
tributed a great deal of code to 
this open-source mobile applica- 
tions server, and also announced 
it received US$5 million in ven- 
ture capital, led by Walden Inter- 
national and H.I.G Ventures. 

Business Objects an- 
nounced the release of its pop- 
ular BI platform, Business- 
Objects XI, for Linux, with new 
support for Novell's SUSE Lin- 
ux and Red Hat's Enterprise 
Linux. GoldenGate Software 
showed off its MySQL transac- 
tional data management prod- 
ucts, while BakBone Soft- 
ware announced the first video 
surveillance system for Linux. 

Monrovia, Calif. -based Para- 
soft announced the release 
of C++Test 6.5, an automated 



testing tool that also can ana- 
lyze coding standards and offer 
help to muddled programmers. 
The company also showed off 
Jtest 7.0. 

Norwegian developer Troll- 
tech announced the release of 
Qt 4, an updated release of its 
cross-platform C + + develop- 
ment tool. In addition, the com- 
pany showed off Qtopia, a 
mobile application develop- 
ment platform based on Qt. 

Another noticeable trend on 
the show floor was the appear- 
ance of numerous Asian Linux 
projects and associations. The 
Beijing Software Industry 
Productivity Base had repre- 
sentatives at the event to voice 
their support for the operating 
system. 

Korea-based Sun Wah Lin- 
ux announced its new Debian- 
based Linux distribution, the 
first of its kind to be regional- 
ized for the Chinese market. 

Another Asian developer, 
Singapore-based Resolvo Sys- 
tems, offered new products to 
help companies migrate their 
desktops and servers onto Lin- 
ux. The software, called the 
MoveOver Enterprise edition, 
brings everything from a Win- 
dows desktop into Linux. I 
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SAAS: Sales, Support Are the Same 



< continued from page 5 

tions get asked most often. "If 
API activity calls go through 
the roof, we ramp up API 
training," said St. Ledger. 
"Support and education are 
attached at the hip." 



REACHING OUT TO RESELLERS 

SAAS players who have already 
reached out to resellers have 
done so largely to tap into indus- 
try-specific domains that are 
otherwise difficult to penetrate. 
ScribeStudio has teamed up 



with Ringwood, N.J. -based 
SANS, which serves the lan- 
guage learning market, reselling 
hardware and software to high 
schools and colleges. "We want 
them to be the front line of sup- 
port for the schools," said 



Cervieri. "We train them, deliv- 
ering support when they call our 
office." To reach small business- 
es, the company is in the initial 
stages of going after broad- 
based market resellers, such as 
Office Depot and Costco, he 
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said. But that raises questions of 
how best to convey to potential 
buyers what ScribeStudio sells. 
"Do we create a package that 
includes a CD-ROM with noth- 
ing but a link to our Web site?" 
asked Cervieri. Otherwise, there 
is no physical product associated 
with the sale, he said. 

Salesforce.com distributes 
its offering directly, and just 
recently has begun to co-sell 
with partners. St. Ledger did 
not say what percentage of the 
monthly revenue co-sellers 
keep. But she emphasized that 
Salesforce.com has no plans to 
offload the support function to 
those that resell its service. 
Some SAAS providers haven't 
been partner-friendly, said 
Brent Arslaner, vice president 
of product strategy for Santa 
Clara-based Jamcracker, which 
offers software that automates 
billing and other management 
functions for SAAS providers. 
"But they have to make it easier 
for partners to get into the 
game." 

The SAAS model can't grow 
without a vibrant channel, 
added Chris Clabaugh, vice 
president of business develop- 
ment for Brisbane, Calif. -based 
CollabNet, which delivers its 
development framework as an 
Internet service. To date, the 
company has sold direct, but it 
expects to announce channel 
partners and programs this fall. 

To bring partners on board, 
SAAS providers must offer them 
incentives to sell, as well as 
opportunities to make money 
delivering service, said Cla- 
baugh. "Pricing should be 30 
percent off list. That is the norm 
for the channel." In addition to a 
percentage of monthly per user 
revenue, partners also should 
receive a bigger piece of repeat 
business. In return, partners 
should assume responsibility for 
support. Even though basic sup- 
port has no revenue associated 
with it, there are opportunities 
for partners to make money 
delivering enhanced support 
offerings, he said. 

How do channel partners 
feel about that? At least one is 
game. The model for selling 
software has changed dramati- 
cally, and channel partners 
have to adapt to those changes, 
said Eric Scheible, president of 
Scheible Rassieur, a reseller 
and professional services firm 
in Los Gatos, Calif. There is a 
great deal of opportunity in 
selling software as a service, he 
said. "The technology is there. 
SAAS makes sense now." I 
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Konfabulator Kick-Starts Yahoo Developer Network 

Desktop tool program is now free, will support Yahoo XML APIs 



BY ALEX HANDY 

Arlo Rose, Perry Clarke and Ed 
Voas are rather excited about the 
fact that the Sunnyvale, Calif., 
office ofYahoo.com has free cof- 
fee. That's because these three 
gentlemen, the makers of the 
Konfabulator desktop enhancer 
for Mac OS X and Windows, are 
now full-time Yahoo employees. 
Soon after Yahoo acquired 
Konfabulator at the end of July, 
it was announced that the Kon- 
fabulator team would kick-start 
the Yahoo Developer Network. 
The new development network 
will take advantage of Yahoo's 
newly created XML APIs. 

KONFABULATOR ORIGINS 

Konfabulator began as a way of 
integrating commonly used 
applications into the Mac OS, 
and later, into Windows. Rather 
than loading a calculator or cal- 
endar application whenever it 
was needed, Konfabulator kept 
small and colorful versions of 
these applications hanging 
along the side of a screen ses- 
sion, ready to be used at the 
push of a button. These individ- 
ual tools are called widgets. 

Chief among Konfabulator 
widgets are Internet-enabled 
items such as weather reports, 
television schedules and stock 
tickers. Since widgets such as 
these require a source for the 
information they convey, 
Yahoo's acquisition of Konfabu- 
lator's parent company, Pixoria, 
gives Yahoo an extensible plat- 
form for disseminating its data, 
and for creating code that 
demonstrates how to access 
that data. The company has 
removed the registration fee 
formerly associated with Kon- 
fabulator, making it a free appli- 
cation for Windows and Mac 
users. The latter platform, how- 
ever, has been usurped by 
Apple with the release of Dash- 
board in Mac OS 10.4, a copy- 
cat program that mimics the 
functionality of Konfabulator. 

With the release of its XML 
APIs, Yahoo is moving into 
head-to-head competition with 
Google, which also released 
application interfaces for its 
information tools, such as 
Google Maps. 

"The best thing is that we 
now have the ability to have a 
say in the kinds of data feeds we 
get [for use in Konfabulator]," 
said Rose, now Yahoo's Director 



of Widget Technology. 

"With the Yahoo finance 
property we [Rose and his 
team] have the ability to do 
portfolios and have it all be cen- 



tralized, so no matter what 
computer you're on, you have 
the ability to get that same 
information through that wid- 
get if you happen to have a 



Yahoo user ID," said Rose. 

As one of the founding mem- 
bers of the new Yahoo Develop- 
er Network, Rose and his team 
are the first programmers to get 



their hands on Yahoo's new APIs. 
His main task is "taking those 
XML APIs and working with the 
people that are working on them 
to get them usable, and then 
doing cool things with them in 
Konfabulator. We're working 
with folks both internally and 
externally to come up with neat 
things to do," said Rose. I 
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MORE UPGRADES 



5PI DYNAMICS 



< continued from page 14 

sion 2003.7. This update to the cross-platform database engine sup- 
ports Mac OS X 10.4 and includes several bug fixes . . . SPI Dynamics 
has integrated its QAInspect security testing software with Mercury 

Interactive's Business Process 
Testing. The integration lets QA 
professionals add security testing to an existing business process test 
plan using prewritten test components . . . ILOG has released Gantt 
for .NET 3.0, a project management charting component for Win- 
dows. The new release includes a "project management option" that 
lets developers customize the appearance of user interfaces to fit cor- 
porate styles or palettes. It also can generate tree tables, and uses 
image transparency to indicate how much of a resource is used for an 
activity . . . BEA Systems is now offering a version of its JRockit 5.0 
Java Virtual Machine for 64-bit Linux running on Xeon or Opteron 
processors . . . Aladdin Knowledge Systems has made its HASP HL 
software user authentication system compatible with Apple Comput- 
er's forthcoming Intel-based Macintosh systems. HASP HL is based on 
a USB-based hardware key ... Hit Software has updated Ritmo, its 
specialized .NET data provider for accessing DB2 databases running 
on IBM's iSeries or AS/400 minicomputers. Version 3.0 includes new 
design tools to let developers use Visual Studio to navigate the mini- 
computer databases and database objects. The new release also inte- 
grates with Microsoft's SQL Server Reporting Services, which lets that 
application connect to the iSeries DB2 database . . . Version 3.0 of 
Exadel Studio Pro, a Java IDE from Exadel, adds new support for 
JavaServer Faces, Struts, Hibernate and Spring. The Eclipse 3.1-based 
IDE also adds a visual JavaServer Pages page designer, enhanced 
database mapping tools for Hibernate, and a verification framework 
for XML, JSP and Java code, and JSF and Struts configuration files 
. . . Eiwa System Management is offering version 2.3 of JUDE Pro- 
j! T7II7 fessional, a modeling tool. JUDE stands for "Java and 



UML Developer's Environment." The new release 
integrates with Mind Map, a free-form tool that helps developers brain- 
storm and collaboratively visualize application or design objectives. 
The company offers a free community version and an enhanced ver- 
sion with additional diagrams for US$280 . . . SourceLabs has creat- 
ed SASH Stack for Java, an integrated stack of open-source tools 
that offer Java-friendly building blocks for applications. SASH includes 
Java-centric frameworks for Web applications development, including 
Apache Struts and Axis, and Java Spring and Hibernate. 



PEOPLE 



— ^^ NCR has hired Bill Nuti as its new president and CEO. 

■ Nuti formerly was president and CEO of Symbol 

Technologies, which sells embedded operating sys- 

M. terns and tools for mobile devices. Sal lannuzzi, 

I Symbol's senior VP and CFO, has been named interim 

BUI president and CEO while a search for a replacement 

NUTI is conducted. NCR's previous chief executive, Mark 

Hurd, succeeded Carly Fiorina at the helm of Hewlett-Packard 
. . . Kevin Turner is the new COO of Microsoft; he had served as pres- 
ident and CEO of Sam's Club, which is Wal-Mart's warehouse club divi- 
sion. Microsoft's previous COO, Rick Belluzzo, left in a 2002 corpo- 
rate reorganization, and later became chairman and CEO of storage 
company Quantum . . . Telelogic AB, the Swedish software tools mak- 
er, has promoted Scott Raskin to COO. Raskin had 
served as president of Telelogic's American division 
since 2001; he will be based in Irvine, Calif. . . . Novell 
has hired Susan Heystee as president of its North 
American sales and field operations; she had been VP 
and general manager of sales in the Midwestern U.S. 
Heystee replaces Ron Hovsepian, who was earlier pro- HEYSTEE 
moted to EVP for worldwide field operations . . . Sandeep Gupta is 
the new CTO of The SCO Group; he had been with the original 
Santa Cruz Operation since 1996, and most recently served as VP of 
engineering. The previous CTO, Scott Lemon, left the company in 
early 2004. 1 






Don't Throw Out the Source Code 
When Upgrading the Hardware 

Workstation recycling can pose a big security risk 



ronmental solution, you need 
someone who will handle the 
data security and reuse the 
machine. From a security stand- 
point, the best thing they can do 
is remove and physically destroy 
the hard drives themselves. Your 
secondary option is to contract 
with a reputable organization to 
handle data security." 

Burgett continued, "Data 
security is a bit of a bugaboo. 
People are destroying hard 
drives that never need security. 
Unless your corporate secrets 
are on the drive, I submit a sim- 
ple formatting will do well. A 
good rule of thumb is if the 
information that's on the drive 



BY ALEX HANDY 

Thanks to an economy that's 
gaining a head of steam, most 
software development managers 
now will be able to rationalize 
those system upgrades that 
they've been putting off for the 
past few years. As a result, pro- 
ductivity will increase and build 
times will decrease. But don't 
toss those old computers in the 
trash just yet! Are there large 
chunks of source code on those 
hard drives? Do the members of 
your development team use 
expensive per-seat software? Are 
your development road maps 
sitting in Word documents on 
those drives? 

When your company 
retires computers from 
the front lines, there is 
enormous potential for 
security breaches. In the 
1970s the phone company 
learned that throwing doc- 
uments in the trash meant 
phreaks would try to dig 
them out at night, flash- 
light in hand. These days, Hi ^» JUL 
companies are quickly dis- Development shops recycling hardware need to 
covering that hackers and precautions to protect source code. 
the competition can find 




take 



all manner of usable data on old 
hard drives, from valuable snip- 
pets of source code, to network 
passwords, to licensing informa- 
tion for those expensive devel- 
opment tools. Before you hand 
those old machines over to IT, it 
might be a good idea to sit down 
and figure out just what you're 
giving away. 

DECIDE BEFORE DONATING 

James Burgett is the director of 
the Alameda County, Calif., 
Computer Resource Center, a 
nonprofit electronics recycler 
near San Francisco that special- 
izes in refurbishing old equip- 
ment and donating it to non- 
profits, third- world nations and 
underprivileged individuals. 
For Burgett and his staff, the 
decisions made by donating 
companies can have far-reach- 
ing consequences. 

"If you hand it off to an orga- 
nization that will refurbish it for 
reuse, they will take care of the 
data," said Burgett, whose staff 
installs Linux on donated PCs 
after formatting the drives. "If 
you're looking for the best envi- 



is such that it would require 
shredding if it were on paper, 
you should probably destroy 
the drive." 

Lance Taylor, reclaim analyst 
for chip-maker Advanced Micro 
Devices, said that his company 
has a blanket policy for hard- 
drive donation: They don't do it. 
"We don't do that because we 
don't have the resources to clean 
the drives ourselves. So destruc- 
tion of the drives is what we're 
left with because of any poten- 
tially proprietary information." 
Taylor went on to state that his 
company contracts with scrap 
metal recyclers for drive destruc- 
tion, and that establishing a 
good working relationship with 
a recycler is key to success. 

"We use various different 
recyclers depending on the sit- 
uation. We are actually there 
while they're sent through a 
crusher, or grinder or press. 
They go in one inch in height 
and come out a quarter inch in 
height," said Taylor. 

But destroying the drives also 
negates the possibility of reuse. 
Burgett said that he is currently 



experiencing a shortage of usable 
hard drives in his donation 
stream due to widespread data 
security concerns. Without hard 
drives, some of the PCs he 
receives cannot be refurbished 
and donated, and thus enter the 
recycling stream rather than the 
reuse stream. 

CHOOSE RECYCLER WISELY 

That sentiment is echoed by 
Bill Vass, CIO of Sun Microsys- 
tems. "You need to make sure 
you're choosing your recycler 
carefully," said Vass, who is a 
former employee of the De- 
partment of Defense, "because 
it is entirely possible that they 
could send stuff over [to 
China]." 

Vass said that the 
biggest danger when 
recycling hard drives is 
boredom on the part of 
the recycler. If someone 
on the other end is look- 
ing for something to 
do, said Vass, they may 
just try to boot a ran- 
dom machine and root 
through the data for fun. 
The same goes for 
other types of media: A random 
CD found in a dumps ter could 
find its way into the drive of a 
hacker who's gone trashing. Vass 
said that destroying solid media 
is the best bet for security con- 
cerned organizations. "There 
are CD shredders. They can 
even shred flash cards, though 
they would have a little trouble 
with a USB drive," said Vass. 

Vass went on to say that Sun 
typically does not have to worry 
about desktop data security 
when it retires machinery, 
because it uses its own Sun Ray 
thin-client terminals. "I encour- 
age people to use a thin client 
so they don't have to mess with 
any of this," said Vass. "If some- 
one ever steals a thin client, 
there's no data on it." 

While thin clients certainly 
solve the issues related to data 
security on the desktop, most 
organizations aren't using them. 
But that's just fine with Burgett. 
His nonprofit donated over 
5,000 Linux-based PCs to peo- 
ple in need last year, and at 
least half of them came from 
corporate donors. I 
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Metrowerks Brand Defeated by CodeWarrior 



Scaleback of non-Freescale targets nears completion 



BY EDWARD J. CORREIA 

Metrowerks this month will 
cease to exist as a legal entity, 
and its former operations will 
be organized under a yet-to-be 
named division, its parent com- 
pany Freescale Semiconductor 
told SD Times in July 

The company had gradually 
been scaling back operations of 
Metrowerks, the development 
tools company it acquired 
while Freescale was still the 
semiconductor division of 
Motorola. Now, with the 
exception of its Linux tools, 
Metrowerks has divested or 
halted advancement of all tools 
targeting non-Freescale sili- 
con. This has extended to non- 
embedded platforms as well, 
with Metrowerks announcing 
the discontinuation of its 20- 
year-old CodeWarrior for Mac- 
intosh development suite. 

"We think that investing in 
Freescale will help the overall 
business grow," said Tim 
Tumilty, Freescale's director of 
marketing and operations. 



"Instead of focusing on 
being a major external 
tools company, we want 
to be the leading 
embedded semiconduc- 
tor company." Before it 
was acquired, Metro- 
werks was known for its 
agility, often releasing 
tools for new platforms 
faster than competitors. 

But John Smolucha, 
former vice president of 
marketing for Metro- 
werks, doesn't believe 
Freescale is making 
the right moves when 
it comes to the tools 
division. 

"I think that Free- 
scale doesn't necessarily under- 
stand the value of software and 
the whole development process 
as an enabler to the sale of 
silicon," Smolucha said. "There 
was a reason [Motorola] ac- 
quired that company. It was a 
strategic acquisition. And I 
think that down the road people 
will look at that and think that 




Freescale wants to focus on becoming 'the leading 
embedded semiconductor company/ according to Tumilty. 



folding it back wasn't the right 
thing to do." Smolucha is now 
vice president of worldwide 
operations at Encirq, an 
embedded data management 
solutions provider. 

One of Freescale's most 
recent moves came last fall, 
when it sold its SymbianOS 
tools to Nokia for US$30 



million; many of its 
other divestitures and 
product discontinua- 
tions went largely 
unnoticed. "Obvious- 
ly Nokia saw the 
strategic importance 
of owning that 
CodeWarrior tool- 
chain for SymbianOS, 
and Freescale didn't," 
Smolucha said, "even 
through it would 
have enabled their 
microprocessor archi- 
tectures to have an 
advantage." 

But the change in 
strategy, Tumilty said, 
came as a direct re- 
sult of a shifting competitive 
landscape. "When I joined the 
company about 15 months 
ago, many people on my team 
wanted to beat Wind River, 
MontaVista or Green Hills. 
Today our competitors are rec- 
ognized as Intel, TI, Microchip 
and the other semiconductor 
companies." 



So the company gradually 
disengaged from most of 
those competitors, Tumilty 
explained, and began talks with 
what it saw as its new potential 
partners, companies like Green 
Hills, MontaVista and Wind 
River. "Today we license our 
technologies to many third par- 
ties in the ecosystem, and we 
intend to continue that strategy 
to unbundle our technologies 
and offer them to third-party 
partners. That's a change in 
strategy for us." 

Freescale also will continue 
to supply CodeWarrior to a few 
chip makers, one of which is 
ARM. "Freescale is an ARM 
licensee, so we continue to do 
business. But the objective for 
our alignment strategy is to 
focus on leveraging Freescale 
technologies." 

The final step is to dissolve 
Metrowerks as a legal entity, 
which Tumilty said would be 
sometime later this month. "We 
don't want to fund three brands 
and confuse the market with 
three different names," he 
explained. Tumilty would not 
rule out the possibility of lay- 
offs. "I never say never. But I 
don't believe there are any 
plans for major changes." I 
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But Do They Have 

Colleges are changing their development curricula to impart 
but don't expect new graduates to be immediately ready 
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BY ESTHER SCHINDLER 



Skills? 



more knowledge, 
for the real world 




For six semesters, while she was a 
grad student in the United States, 
Myrosia Dzikovska, a researcher 
at the Human Communication 
Research Centre in Edinburgh, 
Scotland, worked as a teaching assistant. 
She assisted undergraduate students and 
first-year doctoral candidates, and graded 
papers. "I seemed to be engaged in a con- 
stant battle with most of them to obtain 
properly documented and readable 
code," she said. Few would follow even 
the most basic guidelines. Underlying 
their excuses, Dzikovska said, "Many 
didn't have the habit of proper code 
development in the first place." 

You've probably hired one of those 
students. 

In nearly every profession, it's com- 
mon to complain about the poor quality of 
the latest crop of college graduates. You 
don't have to buy a second beer for a 
development manager before you hear 
horror stories of new hires who know 
nothing of software testing or writing 
secure code. Yet, software development — 
and the universities we depend on to sup- 
ply its practitioners — have unique 
demands. Technology and tools evolve 
faster than any reasonable curriculum can 
keep up with. Then, the first day on the 
job, new hires are expected to demon- 
strate both theoretical breadth and 
domain-specific depth. 

IT managers may think that their new 
hires are ill-prepared for the real world, 
but many higher education professionals 
refuse to shoulder the blame. At its heart, 
the issue revolves around two questions: 
the expectation of a college grad's knowl- 
edge (and thus your company's need to 
provide additional training), and the old 
art-versus-science debate about program- 
ming that you probably had in your own 
dorm room when you were in school. 
At many universities, the emphasis is 




'Economics majors don't pick mutual fund 
portfolios right away. Chemistry majors 
don't formulate detergents without 
more work. Why do employers expect 
more from an undergraduate computer 
science degree?' 

—David Hemmendinger, professor of computer science 
at Union College in Schenectady, N.Y. 



on broad understanding rather than job 
skills. "A four-year university program can- 
not produce graduates who will require no 
additional training, nor should we try," 
explained Karen Ward, assistant professor 
of computer science at the University of 
Portland in Oregon. "We teach the basic 
skills and try to lay a broad foundation 
of concepts that will support the graduates 
in whatever direction they decide to go 
professionally. We actually get dinged in 
the accreditation process if we are teach- 
ing courses with no significant theoretical 
or foundational content, and rightly so." 

Kyle Lutes, associate professor in the 
department of computer and information 
technology at Purdue University in West 
Lafayette, Ind., agreed. "A common belief 
among university faculty is that the pur- 
pose of a university degree is not to pre- 
pare the student to be productive in the 
workplace the first day after graduation. 
Training a worker to be effective in an 
organization is the responsibility of the 
hiring organization," Lutes said. 

It's not a matter of unwillingness, 
according to these professors. In the 
classroom, experience can only be simu- 
lated, said Doug Waterman, IT instructor 
at Fox Valley Technical College in Apple- 
ton, Wis. "Experience fleshes out the 
framework we supply in our classes." 

The sheer number of complex and 
expensive tools and techniques makes the 
challenge even more difficult. A student 



takes two courses in his major per semes- 
ter, over eight semesters. "That gives you 
16 courses to teach a student everything, 
from how to write a simple program 
using variables and if statements, all the 
way to how to work on a team to develop 
a multitier enterprise application that 
supports thousands of concurrent users, 
has a Web user interface and a Windows 
form GUI, and uses a robust RDBMS 
back end," Lutes pointed out. 

If you add to the curriculum, some- 
thing else has to go. Explained Ward: 
"We're trying to jam more and more 
'must have' topics into a very limited 
number of contact hours." 

As a result, some professors said, it's 
unrealistic for businesses to expect col- 
lege grads to be truly useful the first day 
on the job. "In what fields do brand-new 
college graduates do production work 
immediately upon graduation?" asked 
David Hemmendinger, professor of com- 
puter science at Union College in Sch- 
enectady, N.Y. "Economics majors don't 
pick mutual fund portfolios right away. 
Chemistry majors don't formulate deter- 
gents without more work. Why do 
employers expect more from an under- 
graduate computer science degree?" 

INDUSTRY EXPERIENCE 

Plus, the university system does not 

encourage faculty relevance. First, 

► continued on page 34 



THREE THINGS TO ASK THE KID IN FRONT OF YOU 



It's nice to know about colleges improving their IT curriculums, but that may not help 
when you're interviewing a fresh-faced graduate who's earnestly hoping to get her first 
job. Here are some guestions to help you learn about the guality of education that your 
would-be programmer received. 

• Tell me about your favorite professor's background. If the position reguires the newest 
skills, make sure that the student learned from someone who's written production 
code in the past five years. 

• What's the biggest project you've worked on, and how long did it last? To many 
students, a "large" application would be considered trivial inside your company. 
According to Myrosia Dzikovska, a researcher at the Human Communication Research 
Centre in Edinburgh, Scotland, the students she worked with "had to write toy exam- 
ples, and eventually individual or small group projects, but all of these were of limit- 
ed size. They never really had an experience of taking a large previously developed 
software system and trying to modify it." 

• Do you prefer to work on front-end presentation systems or back-end server appli- 
cations. Why? Professional trainer Peter Petroski, who has taught programming cours- 
es for several years, including at Learning Tree International, finds that many students 
prefer front-end, presentation management code. "It is flashier, has a higher degree of 
visibility amongst people who matter [their peers, for example], and is trashable as 
soon as the next release of underlying technology becomes available.... Coding struc- 
tured server-side programs is perceived as boring, even though the potential for more 
income is higher." —Esther Schindler 
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< continued from page 33 

they're rewarded more for 
research and publication rather 
than industry experience; and 
many professors have only sec- 
ondhand knowledge of life in 



an IT shop. They may not be all 
that good at programming or 
testing themselves, Lutes sug- 
gested, and they've probably 
never developed a secure 
application for use in a net- 



worked environment. 

Many nontraditional and 
community colleges use this as 
an opportunity to stress their 
ability to impart real-world 
knowledge. Sydney Caddel- 



Liles spent several years as a 
software engineer, and now 
teaches C# for DeVry Universi- 
ty Online from her home in 
Porter, Ind. DeVry, and schools 
like it, are outcome-based edu- 
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cation. "Everything the stu- 
dents do can be traced back to a 
specific objective," she said. 

According to Terri Keane, 
an IT instructor for Fox Valley 
Technical College, the Wiscon- 
sin Technical College system 
requires all its instructors to 
have a minimum of two years 
experience in the field. "We 
know how important testing is, 
and writing secure apps, and 
the importance of quality assur- 
ance," said Keane. "Students 
hear us say these things over 
and over." 

CHANGES AFOOT 

Some of the above may sound 
like whiny excuses, especially 
when you're the manager who's 
faced with an unready program- 
mer. Traditional and nontradi- 
tional higher-education venues 
are making several changes to 
their curricula, however. They're 
simply struggling with the 
(sometimes insurmountable) 
problems in doing so. 

Most four-year programs still 
are trying to turn out computer 
science graduates who are pre- 
pared to move into any part of 
the field, or to go on to a 
research-oriented graduate pro- 
gram. Perhaps, said Ward, that 
isn't realistic. 

The computer science field, 
she said, is starting to fission 
into several separate specializa- 
tions, much as engineering has. 
"We're seeing more schools 
offering 'tracks' of upper- divi- 
sion electives that allow stu- 
dents to gain some additional 
depth in one part of the field at 
the expense of others, and 
we're seeing more students 
turn to non-thesis masters 
degrees for additional special- 
ization. We are also starting to 
see more specific four-year pro- 
grams, such as software engi- 
neering degrees." 

There's also more emphasis 
on real-world skills in the gener- 
alist education. 

Ken McCullough, lead 
instructor in the information 
technology department at 
Madison Area Technical Col- 
lege in Wisconsin, said the col- 
lege is adding to its testing, 
teamwork and communication 
skills. As one example, "Fourth 
semester students take a cap- 
stone class where they work as a 
software development team; 
they sign off on quality assur- 
ance at several steps in the pro- 
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Real World 



ject including design review, 
code review, and program/sys- 
tem test scripts," McCullough 
explained. 

Ann Friauf is on the faculty 
at Carnegie Mellon West, 
where she teaches masters stu- 
dents in software engineering 
and everything is project-based. 
"Students work in teams to 
gather and analyze require- 
ments, design the architecture 
and build a product. The teams 
submit their documents and 
code, and the grades are based 
on the quality of their work. 
Teams work closely with the fac- 
ulty throughout the program." 

Kishore Ramachandran, chair 
of the core computing division 
at Georgia Tech's College of 
Computing, said the university's 
introductory computer science 
course uses real-life experiences 
and interests to motivate stu- 
dents to attract them to the field. 
"Students study and create pro- 
grams that manipulate sound, 
images and movies. They write 
code to create special effects for 
photos and movies, splice audio 
clips and create Web pages. In 
fact, the technology built for the 
course has proved to be so effec- 
tive that other universities have 
adopted Tech's curriculum and 
improved course retention rates, 
especially among women." 

WHAT YOUR COMPANY CAN DO 

Education is too important to 
leave to the educators. If your 
company wants better-equipped 
programmers, then it has to get 
involved in the process. 

First, calibrate your expecta- 
tions. Any new hire takes 
months to become truly pro- 
ductive on the job, even those 
with plenty of experience. 
That's even more true for kids 
straight out of college, who 
need to adjust to working life, 
learn your company's tools, and 
gain the day-to-day job skills. 

One solution that benefits 
everyone is internships. SPI 
Dynamics hires many pro- 
grammers from Georgia Tech 
after first having the students 
on-site as interns. The Imaging 
and Solutions Technology 
Center, part of the Xerox Inno- 
vation Group, hired three sum- 
mer interns this year, reported 
Lissy Bland, senior hardware 
design engineer at Xerox. "As 
far as I can tell, all three were 
productive within the first 
month," she said. 



Share your expertise. Send 
your own experts to lecture at 
the college. SPI Dynamics is 
actively working with Georgia 
Tech to improve the secure 
coding curriculum for develop- 



ment and IT security students. 
Purdue has an industrial adviso- 
ry board that consults on cur- 
riculum issues, according to 
Lutes. Faculty members also 
need support in the form of 
money, equipment and soft- 
ware. "If businesses aren't hap- 
py with what the colleges and 
universities are doing, they 



need to get involved," he said. 

That's especially true if you 
want specific skills, because you 
probably won't get them direct- 
ly from the university system. 
Professor Daniel Jackson, of 
the Computer Science and Arti- 
ficial Intelligence Lab at the 
Massachusetts Institute of 
Technology, said, "An under- 



graduate degree is not primarily 
for vocational training; our job 
is to teach our students things 
that will benefit them in the 
long term. It's important that 
universities don't get caught up 
in transient technology trends, 
or waste time on details of com- 
plex tools that won't be around 
in a few years' time." I 
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EDITORIAL 

Teach Your Children Well 

Is there anything less useful than a newly minted col- 
lege graduate? Whether in programming, electrical 
engineering or journalism, book learning rarely maps 
directly into the real world. 

That's true not only because college grads lack the 
experience of working on real projects, being part of real 
teams, and betting their paychecks on real deadlines. It's 
true also because the technologies, paradigms and tools 
being taught at most universities lag somewhat behind 
the state of the art. 

Professors and faculty can't revise their courses to take 
into account every new theory; that's not their job, of 
course. Schools focus on opening young minds, laying a 
groundwork of principles and essential skills. What comes 
out is (or should be) top-grade raw material for a long and 
rewarding career in software development — not an ana- 
lyst, architect or coder ready to assume a leadership role 
on a behind-schedule integration project. 

That leads to a conundrum for software development 
managers. Do you hire recent graduates, hoping that 
their youth, enthusiasm and low starting salaries will over- 
come their relative lack of initial productivity, and know- 
ing that you (and your team) will need to invest consider- 
able time and effort in training? Or do you recruit more 
seasoned developers, paying more money but gaining the 
benefit of their prior work experience? 

In the real world, of course, most development organi- 
zations do both, mixing together a variety of skills and 
tenures to produce a team that can hit the ground run- 
ning but also learn as it grows. 

The learning process can be jump-started, of course, 
by finding the right talent and the right places from 
which to recruit students. Many colleges and universi- 
ties are helping new grads by providing real-life pro- 
jects as part of the degree program. They're also giving 
courses more relevance by requiring that faculty have 
recent industry experience, in addition to an academic 
background. 

But even so, most employers need to be prepared to 
continue the educational process, not only with mentor- 
ing, but also with supplemental training on the specific 
technologies, methodologies and processes used within 
their organizations. Such training ranges from informal 
brown-bag sessions, to in-house classes, to online learn- 
ing, to attendance at industry conferences and vendor 
seminars. 

Many development shops give developers flexibility 
to buy books and other materials to enable self-learn- 
ing. Training companies, too, can bring new hires — and 
old hands — up to speed on the latest tricks, as well as 
teaching the core fundamentals that the universities 
forgot. 

So, while we're all frustrated with the blank stares and 
lack of instant productivity shown by recent graduates, 
don't look at this as a failure of the educational system. In 
most cases, the goal of a college education isn't to prepare 
students to begin designing the latest Web services appli- 
cation, migrate a client/server stack onto a cluster, or to 
teach the specific techniques that protect against a SQL 
injection attack. 

The schools have laid the groundwork. But you'll have 
to take the students the last mile yourself. I 



SOAs Are Turning the Corner 



In the past year, service-ori- 
ented architectures have 
become mainstream because of 
their promise to provide busi- 
ness agility and flexibility 
through integration, productivi- 
ty and reuse. Organizations 
across many industries are now 
investing in SOA strategies in 
order to put their IT house in 
order. In fact, a recent For- 
rester report found that more 
than 70 percent of large enter- 
prises, as well as many small 
and medium-sized businesses, 
are currently deploying SOAs. 

The market has seen numer- 
ous vendors emerge with SOA 
offerings and services, and major 
analyst firms have pushed a pos- 
itive outlook on the market. With 
the hype and promise of SOA 
continuing to build, and initial 
adopters of the various technolo- 
gies supporting SOA beginning 
to realize ROI, it is important to 
keep in mind that there are a 
number of areas that need to be 
addressed for the full promise of 
SOA to be realized. 

First, all the hype has led to a 
certain amount of confusion. 
SOA does not equal Web ser- 
vices — in other words, a Web 
service that exposes a particular 
business function may very well 
be too fine-grained or too nar- 
rowly defined (i.e., application- 
specific) to be considered a valid 
element of an SOA. SOA is an 



approach to enterprise architec- 
ture that abstracts IT functional- 
ity into business-oriented ser- 
vices. Getting an SOA right 
means spending some upfront 
time thinking about key business 
processes and how they can be 
supported by a set of common 
underlying services. 

SOAs will deliver 
significant financial 
and efficiency bene- 
fits only to the extent 
that they enable dis- 
parate projects to 
reuse common ser- 
vices that support key 
business processes. 
The long-term ROI 
of SOA will best be 
measured by the abil- 
ity to rapidly implement new 
applications and integrations 
based on existing services, 
enabling organizations to react 
quickly to changing market 
demands, while simultaneously 
reducing both development 
and operational costs by elimi- 
nating redundant code. This of 
course is easier said than done. 
Achieving this "SOA Nirvana" 
requires a governance process 
that supports, tracks and man- 
ages service production and 
consumption within an SOA. 

BEST PR FOR GOVERNANCE 

Establishing governance func- 
tions at the onset of an SOA 




project is important for a num- 
ber of reasons. Countless ven- 
dors are providing solutions that 
facilitate the deployment of 
SOA, such as UDDI registries, 
Web services security tools and 
XML registries, and others have 
begun to sell products that can 
do things such as 
monitor Web ser- 
vices performance 
and operations. 

All of these solu- 
tions are valuable in 
an SOA environ- 
ment, but the full 
potential of SOA 
will not be achieved 
unless there is a 
structure in place 
that gives manage- 
ment (and their adjunct gover- 
nance arm, the enterprise 
architecture team) the ability to 
view the various moving parts 
associated with service develop- 
ment and deployment and track 
them throughout the applica- 
tion development life cycle. 

Giving management this 
insight, and being able to offer 
developers access to informa- 
tion on a service — be it the his- 
tory of the service, details on 
its performance, configuration, 
compliance with licenses, secu- 
rity posture, etc. — brings the 
promise of SOA full circle. 

A big part of the governance 
process, of course, will be man- 



Letters to the Editor 



NO GUARANTEES 

Dan O'Dowd's letter [Letters to 
the Editor, Aug. 1, page 32] is 
right, but also contains some 
comparable mistruths in taking 
exception to the two too-flip 
"truths" that there is "no bug- 
free software" and there are "no 
guarantees of quality." 

It indeed is possible for soft- 
ware to be bug-free, but it is 
impossible to know for sure that 
it is bug-free. Even avionics 
software, which I and many 
other frequent fliers depend on 
for our very lives, may very well 
have bugs, perhaps many bugs. 
The fact that passengers are not 
aware of them doesn't mean 
bugs don't exist; and the fact 
that a bug hasn't manifested 
itself yet doesn't mean it won't. 

What one can say is that a 
variety of techniques together 
provide a reliable basis for 



confidence that the likelihood 
of defects is low, especially for 
defects with high impacts. 
Apparently Dowd's product is 
such a technique, and good for 
them, although it undoubtedly 
was not used for many air- 
planes that have seemingly 
bug-free flight-critical soft- 
ware. 

A guarantee is an economic 
decision to pay damages if a 
risk comes true, but it doesn't 
mean there is no risk. A certifi- 
cation provides a basis for 
believing the likelihood of a 
risk is low, but it doesn't guar- 
antee the risk won't occur. 
Adherence to standards does 
not by itself necessarily pre- 
vent liability for damages. A 
guarantee would mean the 
FAA, or perhaps Dowd's com- 
pany, agrees to pay if a plane's 
certified critical systems fail. I 



don't think either would say 
there was such a guarantee. 
Robin F. Goldsmith 

Go Pro Management 
Editors note: Robin E Gold- 
smith is the author of "Discov- 
ering REAL Business Require- 
ments/or Software Success" 

BEAN COUNTER 

Allen Holub's column "Visual 
Java" [July 15, page 35] indicates 
that JSR 273, Design-Time API 
for JavaBeans (JBDT), is opaque 
and not open for public observa- 
tion and feedback, which is 
entirely untrue. It is a public, 
open-source project on Java.net 
called "jbdt-spec-public." The 
entire API (source and JavaDoc) 
in its original and in-process 
form is there. People are encour- 
aged to join the Java.net project 
and participate in the develop- 
ment of the specification. 
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aging the tension of near-term 
business priorities against 
broader SOA objectives. Com- 
panies must make sure to guide 
the business functionality of ser- 
vices and get enough real, live 
business requirements applied 
against the services that are 
being developed so that they 
have a chance to build general 
services instead of point-specific 
services that meet one specific 
business process need. 

To accomplish this, a combi- 
nation of "bottom-up" and 
"top-down" approaches is best. 
Bottom-up refers to the de- 
velopment of services based 
solely on immediate project 
needs. If one takes just this 
approach, the service layer 
becomes what SOA is attempt- 
ing to prevent— YALOT (Yet 
Another Layer Of Technology), 
or more spaghetti code that 
implements a monolithic appli- 
cation in a different technology 
instead of improving business 
process flexibility. 

Similarly, services also should 
not be exclusively defined in a 
top-down manner. Top-down 
business process analysis often 
leads to one of two outcomes: 
"analysis paralysis," continual 
refinement of a model hoping to 
reach perfection (which never 
comes), or "Big Bang" projects 
that try to "boil the ocean" — 
defining and implementing 
everything at once, usually with 
disastrous consequences. 

By combining the two 
approaches, business services 



are developed that can support 
an immediate projects require- 
ments with enough flexibility to 
meet future business process 
needs, both projected and 
unknown. Selecting develop- 
ment projects whose business 
processes establish overlapping 
requirements on common ser- 
vices allows an IT organization 
to incrementally define those 
services while meeting near- 
term objectives. 

Two or three points of view 
(as expressed by these varying 
business processes) are enough 
to begin the service normaliza- 
tion process, producing a "ver- 
sion 1" service that is both gen- 
eral enough to support the first 
wave of development projects 
and that provides a solid basis 
for iterative enhancement 
based on the next wave of pro- 
ject requirements. 

Proper governance of SO As 
also demands that technical 
aspects of service development 
be carefully addressed. For 
example, architectural, perfor- 
mance and security reviewers 
may be involved at various soft- 
ware development life-cycle 
(SDLC) checkpoints to ensure 
that the services being built are 
using designated technologies, 
will perform adequately, and 
will not introduce security holes 
into the IT infrastructure. 

As important as the business 
and technical aspects of SOA 
governance are, governance 
over service consumability is 
just as necessary. Unless you are 



building trivial Web services 
(like the ever-popular stock- 
quote service used so often in 
demo scenarios), you will need 
to provide considerable docu- 
mentation beyond WSDL. 

Consider requiring user 
guides, sample client code and 
traceability in addition to the 
original business requirements 
as part of the consumability 
governance process. This infor- 
mation, along with other 
searchable metadata about the 
service that is ideally managed 
within a software development 
asset repository, will make it 
easy for application developers 
to find the right service and 
give them confidence that the 
service is of high quality and 
will meet their needs. 

Ultimately, you may have 
built a good service that con- 
forms to your technical architec- 
ture and meets your business 
function needs, but if no one can 
understand it and no one can 
find it, what good is it? 

GOVERNANCE IS KEY 

SOA has most definitely turned 
the corner. It has gone from an 
architecture that organizations 
"are considering" and "see the 
benefits of to an architecture 
that is in actual deployment. 
Early adopters are experiencing 
encouraging initial returns, but 
the ROI is expected to spike as 
services are reused time and 
again in an enterprise. 

With the emergence of 
SOAs, governance processes 



are a must-have and software 
development will evolve to 
stress the quality and iterative 
top-down/bottom-up approach 
to the development of services. 
Orchestration tooling being 
built on top of services will 
progress as SOA progresses. I 
should point out that there is 
some good initial work being 
done by Microsoft with BizTalk, 
IBM with WebSphere Business 
Integrator, and other tools that 
are on the market. As the SOA 
industry matures, these and 
other tools will continue to 
develop their capabilities. 

In terms of standards (I 
know it's on your mind), BPEL 
has emerged showing promise 
as a way to bind services togeth- 
er into applications. It gained a 
lot of ground in 2004 and so far 
in 2005, and I expect its 
momentum to continue as more 
companies begin incorporating 
SOA into their IT plans. 

Will SOA finally be the 
answer to our interoperability 
woes? Only time will tell, but 
the early returns are promising. 
As we move forward, keep in 
mind that establishing a gover- 
nance process at the start of your 
SOA initiative will enable you to 
maintain control of your assets 
and ensure that enterprise tech- 
nology is properly aligned to 
support business goals. I 

Brent Carlson is co-founder 
and vice president of technolo- 
gy at LogicLibrary, which sells 
asset-management tools. 



As for the comment about 
not being convinced that the 
expert group knows enough 
about the OO principles to fix 
the problem of the procedural 
idiom corrupting otherwise 
object-oriented code, I beg to 
differ. Please do a little research 
on the members of the EG, and 
you will be surprised to learn 
the rich depth of backgrounds. 
We are very well equipped to 
handle this problem, but we'd 
love your input too! 

Joe Nuxoll 

Editors note: joe Nuxoll is 
the spec lead for J SR 273. 

WHAT DO YOU THINK? 

SD Times welcomes feedback. 
Letters should include the 
writer's name, company affili- 
ation and contact information. 
Letters become the property 
of BZ Media and may be edit- 
ed for space and style. 

Send your thoughts to 
feedback@bzmedia.com. 
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Software development market re- 
searcher Evans Data predicts that 
by spring 2006, usage of Visual 
Basic .NET will outstrip Visual Basic 
6, its predecessor development 
environment and industry stalwart. 

The prediction was published in 
the Evans' 2005 North American 
Development Survey, which showed 
that VB6 usage in the spring of this 
year had dropped to its lowest level 
in three years, down from a recent 
high of about 44 percent last fall. 

Meanwhile, data shows that 
VB.NET, the successor to VB6, for 
the most part steadily increased its share of developers to a high of 34 percent last fall. 

Evans attributes the decline of VB6 to Microsoft's announcement that it would discontinue VB6 support; 

Microsoft in March began charging developers extra for support. But perhaps more interesting is that VB.NET 

usage also has dropped off in the past six months and is scarcely any higher than it was a year ago. "Clearly it 

is a gamble to try and force developers into VB.NET," the researcher said. However, North American developers 

said they would ramp up usage again. 

Auiee- Iran All G17. 
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In previous columns, I've discussed my 
belief that the world of programming 
environments will shrink down to two 
IDEs: Visual Studio and Eclipse. This 
belief is rooted in capitalist economics, 
which contends that the marketplace is 
efficient at winnowing out products that 
are not competitive or, in this case, no 
longer profitable. (We'll leave aside for 
the moment the fact that Eclipse is avail- 
able for free.) On this basis, the markets 
have been picking off IDEs far faster 
than I would have predicted. 

Early this year, for example, Borland 
said it would convert its JBuilder environ- 
ment over to Eclipse. While it made the 
few mandatory mumbles about maintain- 
ing its current IDE, it did so without con- 
viction. And in view of the latest revenue 
figures, it seems unlikely it will be main- 
taining two separate IDEs for long. (Actu- 
ally, it's unclear whether JBuilder will sur- 
vive long enough to be converted to 
Eclipse. We'll see. But one way or the oth- 
er, the JBuilder IDE is going away). 

BEA's much-ballyhooed WebLogic 
Workshop is going Eclipse. And Oracle 
has made its JDeveloper environment 
available for free. Despite a recent 
upgrade, Sun's NetBeans is falling fur- 
ther in market position, and even great 
Java IDEs, such as IntelliJ from Jet- 



Not IDEal 

Brains, are having a hard time treading 
water. Everyone is being eclipsed. 

In the Windows development envi- 
ronment, domination by one IDE — Visu- 
al Studio — has existed for a while. Bor- 
land's C++ Builder and C# Builder are 
just flecks on the windshield. No one 
competes with Microsoft's IDE, and if 
someone were tempted to do 
so, Redmond's very nice 
Express development environ- 
ments (which can be down- 
loaded at no cost from lab 
.msdn.microsoft.com/express 
/visualc/default.aspx) should 
discourage them sufficiently. 

Unfortunately, the two 
dominant environments don't 
compete and are already show- 
ing the costs of lack of good 
competition. We see in the Intel- AMD 
skirmish the benefits of competition even 
when one player is truly dominant. But the 
IDE market is not like AMD vs. Intel; it's 
more like Microsoft Office vs. nobody. 
And the same weak product advances are 
starting to show based on the new releases 
announced during the past few months: 
Eclipse 3.1, which shipped at JavaOne, 
and Visual Studio 2005, which is in beta 2 
tests and should ship the week of Nov. 7. 

Let's start with Eclipse. Version 3.1 is 
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the annual release. What's new? Let's put 
it this way: When the second entry on the 
list of new features is support for bidirec- 
tional text, you know not much has 
changed. Essentially, the product has 
been tweaked for performance and some- 
what better handling of the odd task. 
Visual Studio 2005 is in about the same 
shape. Microsoft's Visual Stu- 
dio Team System, the compa- 
ny's new enterprise ecosystem, 
is important and remarkably 
extensive, but the IDE itself is 
pretty much the same. Even 
small innovations that it should 
have borrowed from Eclipse 
are absent. Most notably 
Eclipse's continual background 
compilation is missing. (This 
feature is exceedingly useful 
because it highlights syntactical errors as 
you type, so you don't have to compile to 
discover you forgot a semicolon. IntelliJ 
and Eclipse have had this feature for 
years.) So much for competition. 

Eclipse has recently been emphasiz- 
ing its support for C/C++ development. 
You'd think this would be important 
because it would be the first time Eclipse 
and Visual Studio have overlapping turf. 
But you'd be wrong. Even though 
Eclipse supports C++ development on 



Windows, it will not support Microsoft 
compilers — as a matter of policy. 

I spoke with Eclipse Foundation exec- 
utive director Mike Milinkovich about this 
at JavaOne, and he reaffirmed the no- 
Microsoft-compilers position with no fur- 
ther detail. It's rumored this position 
results from pressure by IBM. It's the kind 
of distortion monopoly brings: In a com- 
petitive market, you couldn't choose to not 
support so huge a segment of the market. 

Likewise, we can be sure that 
Microsoft will not be poaching Eclipse's 
Java turf to push its J# environment, or 
pushing its C++ environment onto Linux 
via Eclipse. (Mono can do that, no?) 

Economics tells us that in a competi- 
tive market, domination by a single player 
almost invariably affects consumers badly. 
The two predicted results are: Prices rise 
and innovation diminishes. Prices have 
not risen for Eclipse or Express — the 
IDEs are still free, although the ecosys- 
tems they support — IBM's Rational prod- 
uct line and Microsoft's Team System, 
have both become hugely expensive. 

However, the sad story is the lack of 
important innovation. And, as scenarios 
from other similarly situated market seg- 
ments have shown — take C++ compil- 
ers, Java compilers or debuggers, for 
example — once products reach this 
point, they rarely improve much. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. 



It's a paradox that object-oriented sys- 
tems are both easier to maintain and 
more complex than procedural systems. 
That's one of the reasons, I think, that 
I've had poor luck with hybrid/procedur- 
al systems. Hybrid systems seem to com- 
bine the bad points of both approaches 
(difficult maintenance and too much 
complexity) without the benefit of either. 

Even pure OO systems are complicat- 
ed, however, and without some sort of 
road map, it's almost impossible to write, 
much less maintain, the code. That road 
map is, more often than not, a set of Uni- 
fied Modeling Language diagrams that 
present the structure of the code in 
graphical form. UML underwent a signif- 
icant extension last year, adding a bunch 
of drawing elements and tweaking the 
existing elements. These modifications 
were not met with universal praise. 

Some of the elements, for example, are 
experimental. They are concepts that 
someone on the committee thought 
would be a good idea but which were not 
used in practice, and might never be used. 
Some UML users, including myself, wor- 
ried that putting an experimental idea into 
a standard would add complexity without 
much benefit. Whatever your feelings on 
the new elements of UML, it will behoove 
you to learn about them. 

Unfortunately, the official OMG UML 



Learning UML 2 

2.0 standard is literally thousands of pages 
of incomprehensible gobbledygook. (Get 
it from wwwuml.org/#UML2.) It's an 
interesting comment on the standard that 
Martin Fowler's "UML Distilled, Third 
Edition: A Brief Guide to the Standard 
Object Modeling Language" (Boston: 
Addison-Wesley, 2004) presents every- 
thing of importance in 175 
pages. Fowler's book is a great 
way to come up to speed with 
UML if you're already familiar 
with both OO and visual mod- 
eling. He just presents the 
notation, assuming that you 
already know the concepts the 
notation represents. If you al- 
ready know UML, this is the 
book for you. 

On the other hand, if you'd 
like a more tutorial-based introduction to 
UML, the second edition of "The Uni- 
fied Modeling Language User Guide," 
by Grady Booch, James Rumbaugh and 
Ivar Jacobson (Boston: Addison-Wesley, 
2005), just came out. Though Booch & 
Co. are a bit more academic in their lan- 
guage than I'd like, their presentation is 
solid, thorough, and like Fowler, vastly 
more accessible than the actual OMG 
standard. Booch's book will be better if 
you've never seen UML before. 

These two books complement each 




other nicely. Booch presents a better 
introduction for the uninitiated, and 
Fowler provides a better quick refer- 
ence. (There are also a bunch of online 
UML references, including my own 
at www.holub.com/goodies/uml. Google 
"uml reference" to find others.) 

The one downside to both of these 
books is that they present 
UML out of context. That is, 
they present the notation but 
don't explain how you might 
create a UML drawing in the 
process of design. 

Put another way, UML is 
just a notation, in the same 
way a sentence diagram is a 
graphical representation of a 
sentence's structure or an 
ERD diagram represents the 
structure of a database. Learning sen- 
tence diagramming does not teach you 
how to write sentences. Learning Fowler's 
ERD notation does not teach you how to 
design databases. 

Many people confuse "learning UML" 
with "learning OO Design." Indeed, I am 
often approached by people who ask me 
to teach a UML class, when they really 
want a design-using-UML class. Learn- 
ing UML is like learning the syntax of a 
programming language. Don't confuse 
that with learning how to program. 



If you already know how to design a 
database, then learning Fowler's ERD 
system will be a snap. The drawings will 
make perfect sense to you, and you'll intu- 
itively understand what they're for and 
how they work. If you're new to data- 
bases, a book on ERD diagrams that sim- 
ply explains the notation will seem incom- 
prehensible. Similarly, if you already know 
how to design, learning UML is trivial, 
but without that background, it will be dif- 
ficult for you to see the value in UML. 

The drawback of books such as 
Booch's and Fowler's is that they can't 
really put UML into context. This omis- 
sion is not a flaw — it just goes with the ter- 
ritory. OO Design is a topic so large that it 
simply can't fit into a single book. Learn- 
ing design is as complicated as learning 
programming — it takes two or three years 
of solid work to get good at it. 

Consequently, UML — and both 
books — will be difficult if you don't al- 
ready know why UML is useful. You have 
to learn UML in the context of learning 
OO Design so that you start with an un- 
derstanding of the concepts the pictures 
represent. The Booch book does contain 
some discussion of process, but it's 
sketchy. I'll talk about a few good OO 
Design books in future columns. If you do 
know some design, however, I highly rec- 
ommend Booch's and Fowler's books. I 

Allen Holub is an architect, consultant 
and instructor in C/C++, Java and OO 
Design. Reach him at www.holub.com. 
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For a summer with no official releas- 
es, Microsoft sure had a summer full 
of releases. Determined to keep the 
geek masses pale and stooped despite 
the weather, Redmond filled up our 
download queues with beta releases of 
huge products, from the soon-gold 
Whidbey to the over-the-horizon Long- 
horn. There also were a number of inter- 
esting smaller downloads, and the sheer 
volume of blogging coming out of the 
Pacific Northwest is more than enough 
to occupy whatever time we've saved 
with advanced anti-spam filters. 

Visual Studio 2005, nee Whidbey, is 
firming up well, although I must say the 
transition from Visual Studio .NET 2003 
can be somewhat frustrating. Not 
because of binary incompatibilities 
(although, to be sure, they exist), but 
because of mental stumbles. 

Unlike the Java world, where one 
tends to jump from IDE to IDE, the 
precise keystrokes and window layouts 
in Visual Studio 2003 have become very 
familiar over the past several years. Any- 
thing different, no matter how trivial, 
sparks a moment of irritation; whether 
the new icons in the Solution Explorer 
tabbed dialog are harder to differentiate 
is hardly the point — just noticing them is 
enough to be annoying. 

More important, there are many new 




Moving to 2005 

features added to VS 2005, and many 
are not directly related to editing code. 
From testing to datacenter design to 
software process management, there are 
a lot of menu items and windows avail- 
able. These vary across the role-based 
SKUs that Microsoft is promoting, and 
for those who live within Visual Studio, 
all of this over time will be 
reduced to muscle memory, 
but I anticipate a vocal minor- 
ity complaining of feature 
bloat and loss of focus. 

As one of those who travel 
between the worlds of .NET 
and Java, I have to admit to 
feeling a little overwhelmed 
at the prospect of maintain- 
ing productive mental mod- 
els in both Visual Studio 2005 
and Eclipse. 

One of the focuses of VS 2005 has 
been an emphasis on contextual aware- 
ness; the IDE tries to surface what it 
"knows" about the task at hand. Some- 
times, this is brilliant: Subtle colored 
strips along the edit-window edge tell you 
which lines have been edited during a 
session. Other times, the effort is less suc- 
cessful: The "troubleshooting tips" that 
accompany a NullReferenceException 
get old about as fast as a paperclip help- 
ing you to write a letter (Tools, Options, 
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Debugging, uncheck "Enable the excep- 
tion assistant." You're welcome.) 

The various languages diverge both in 
their expressive capabilities and in how 
they're edited. C#, for instance, may 
have the strongest refactoring support, 
but it also has an IntelliSense "feature" 
that seems bent on parameterizing all 
generics with type TabAlign- 
ment (Tools, Options, Text 
Editor, C#, IntelliSense, 
"Committed by typing." 
You're welcome again.) 

The language divergence 
which I've long described as 
the unifying theme of Whid- 
• bey is real. In my very first 

client engagement using 
.NET 2.0, we're facing issues 
relating to Visual Basic's "My" 
namespace and C#'s anonymous dele- 
gates. Where previously we could dis- 
cuss designs without mention of VB or 
C#, we now have to pause to assure that 
a technique will hold up across lan- 
guages. While I applaud a world with a 
diversity of computer languages, anoth- 
er part will look back upon the past few 
years, when languages converged, with a 
certain wistfulness. 

Whatever the bumps in the road, 
though, there can't really be a lot of hes- 
itation about switching to Visual Studio 
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2005. The language improvements are 
compelling, the libraries and CLR infra- 
structure have advanced, and AS R NET 
2.0 is a slam-dunk choice for Web sites. 
This project? Stay with VS 2003. Your 
next one? Go with Whidbey. 

I persist in using the name "Whidbey" 
for a couple of reasons. For one thing, 
just as sportswriters use a dozen nick- 
names for "ball," so, too, does one seek 
alternatives to "Visual Studio 2005 Team 
System." For another, "Whidbey" isn't a 
bad name. It rolls off the tongue pretty 
well, as do "Indigo," "Avalon" and "Long- 
horn," all of which have now been retired 
from official Microsoft discussion. 

Now, "Longhorn" turning into "Vista" 
I can see: Outside of Texas and British 
Columbia, people might not have an 
immediately favorable reaction to "big 
dangerous bull." But what genius traded 
"Avalon," with its connotations of both 
Arthurian splendor and semi-obscure "I 
Love the '80s!" band Roxy Music, for 
"Windows Presentation Foundation"? 

As for "Windows Communication 
Foundation," the utterly forgettable 
replacement for "Indigo," it not only 
reduces to a generic three-letter acronym, 
it spoils the joke for the Web site I was 
going to produce that detailed the private, 
undocumented parts of the API. Anyone 
want to buy the domain indigonads.com? I 

Larry O'Brien is a technology consul- 
tant, analyst and writer Read his hlog at 
www. knowing, net. 
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Microsoft in LAMP'S Glare 



Industry Watch 



The LAMP stack is shining brightly 
up at Microsoft — too brightly, per- 
haps, for the longtime opponent of 
open-source software. 

The increasing popularity of the 
Linux operating system and the 
MySQL database are beginning to eat 
away at Microsoft's bottom line, as 
companies move from experimentation 
to implementation of the 
alternative software. This was 
evident at the recent Linux- 
World conference in San 
Francisco, where corporate 
acceptance of the communal 
operating system could be 
plainly seen on the name tags 
of the attendees. 

But Microsoft did not get 
to be the largest software 
company on the planet by 
resting on its laurels (proof of monopo- 
listic behavior notwithstanding). The 
company has taken heed of the old saw, 
"Know thine enemy." It has created a lab 
up in Redmond with a mix of Linux, 
Unix and Windows boxes as it gets down 
to the serious business of ensuring inter- 
operability, which flies in the face of 
everything Microsoft's employees have 
practiced. 

Despite its monopoly presence in 
operating systems — or perhaps because 
of it — Microsoft has been slow to adapt 
to market realities. One of these reali- 
ties is that most big enterprises are 
running all kinds of operating systems 
and databases. While there are plenty 
of shops that run Microsoft software 
exclusively, many more are heteroge- 
neous. Microsoft continues to preach, 
"Open source is bad. Linux is bad. 
Microsoft is good." But like the unsure 
third-base coach who puts up the stop 
sign with his left hand but also waves 
the runner home with his right, 
Microsoft is engaged with Linux in the 
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lab to see how best it can keep the 
upstart off its turf — and where cus- 
tomers demand it, learn to live togeth- 
er in relative peace. 

Our editor-in-chief, Alan Zeichick, in 
San Francisco for the big LinuxWorld 
conference, noted that Microsoft had its 
henchmen there to lure reporters away 
from the show. In SD Times' News on 
Thursday newsletter for Aug. 
11, he wrote: "Microsoft was 
attempting to woo reporters 
and editors out of San Fran- 
cisco's Moscone Center and 
over to a nearby restaurant 
with the offer of a three-hour 
lunch and presentation. 
There was no solid agenda 
that I could see, but it seems 
the plan included demos and 
one-on-one meetings with 
Microsoft product managers. You can 
guess for yourself what the purpose was. 
'Quite a coincidence that you're doing 
this during LinuxWorld,' I said to the 
nice public-relations person who tried to 
get me to attend. Tt sure is,' she 
laughed. I declined." 

Meanwhile, the open-source Java 
platform provider JBoss last month 
announced it was revamping its migra- 
tion program to try to lure businesses 
running applications on systems from 
competitors IBM and BE A. The three 
are wrestling for the top spot in the Java 
platform market, but they're also carry- 
ing the Java mantle against Microsoft. 

If JBoss can outperform IBM and 
BE A to win the Java market with its 
second-generation open-source busi- 
ness model (give away the software, 
charge for service and support), there's 
every reason to think those same 
advantages (low cost, based on stan- 
dards) will help it win market share 
from Microsoft as well. Microsoft, with 
its actions at LinuxWorld and the cre- 



ation of a Linux lab in Redmond, 
understands this all too well and is 
starting to act. 

THE VISA BILL 

The announcement last month by the 
U.S. government that the number of 
petitions for 2006 H-1B visas already 
surpasses the cap allocated for the 
whole year puts a twist on this issue's 
Special Report and editorial. These 
visas are sought by companies looking to 
retain foreign-born individuals, many of 
whom have been recruited from Ameri- 
can colleges and universities. 

Is it the schools that are failing to 
turn out graduates ready to work, or is it 
that schools are failing to turn out Amer- 
ican graduates ready to work? Time and 
again, studies have shown that the 
number of U.S. students enrolling in 
mathematics, engineering and computer 
science is declining. Meanwhile, corpo- 
rations starving to fill important posi- 
tions in those areas are turning to for- 
eign-born students. The Information 
Technology Association of America, and 
Microsoft's Bill Gates, among others, 
are leading the call for raising the cap on 
H-1B visas or eliminating it entirely, so 
the U.S. can retain its global leadership 
position in technology fields. 

H-1B workers can stay in the United 
States for six years upon winning 
approval, and then must leave the coun- 
try for a year before returning under a 
new visa. The high salaries they are paid 
here keeps them coming back. 

However, if America can't produce 
Americans capable of filling these highly 
specialized, highly technical jobs, can 
America keep its leadership position? 
Fewer H-1B visas, not more, will force 
educators down to the elementary- 
school level to make math and science 
higher priorities. If U.S. schools fail, 
when the bill comes due, the tab will be 
nothing less than second-class status for 
U.S. technology. I 

David Rubinstein is editor of SD Times. 
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Frankfurt, Germany-based Software AG announced last month it has 
acquired Germany-based Casabac Technologies GmbH, maker of browser 
user interface tools for developing Web-enabled enterprise applications. 
Financial terms of the deal were not disclosed. Software AG said the compa- 
nies had been partnering since mid-2004, and that the Casabac team will be 
brought into Software AG as the Ul Technology Department. The company is 
looking to build out its XML-based integration and business process man- 
agement portfolio of products. The acquisition is the second of 2005 for 
Software AG; in February it bought out Israel-based Sabratec Ltd., which 
made mainframe integration software . . . Yahoo will spend US$1 billion to 
acquire 40 percent of Alibaba.com, a China-based Web auction company. 
The deal will bring together Yahoo's search operations, which are second in 
China, with Alibaba's B-to-B and consumer auction operations, as well as 
Yahoo's Chinese mail and messaging operations. The merged entity is valued 
at $4 billion; Alibaba's CEO, Jack Ma, will run the company. China is the 
world's second-biggest online market after the United States, with users 
expected to surpass 120 million by year's end . . . Novell has said it will 



open a research and development center and new regional offices in China, 
hoping to accelerate the growth of the Chinese software industry. Novell 
recently announced an agreement with the China Standard Software Co. to 
develop and deliver regionally customized software. Novell's R&D center will 
open in Beijing by the end of the year, while support centers will be created 
in Guangzhou and Shanghai, the company said. Also, Novell is launching 
openSUSE.org.cn, a dedicated Chinese language site for the recently 
announced openSUSE project. 

EARNINGS: NEON Systems last month announced revenue of US$4.3 
million for its first-quarter FY2006 ended June 30, an increase of 20 percent 
from the $3.6 million the company reported for the same quarter a year ear- 
lier. The company posted a net loss of $1 million for the quarter, or 11 cents 
per share, compared with net income of $967,000, or 10 cents per share, for 
the year-earlier period. NEON also announced a partnership with WebMeth- 
ods that will allow that company to extend its Fabric business integration 
product suite with NEON's new Shadow RTE mainframe integration product. I 
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Welcome 
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Roosevelt Hotel in New York City 
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Dear Software Professional, 



As an expert involved in trying to improve the quality of 
your company's software, you face daunting challenges. 
The software industry spends $60 billion annually to 
find and fix software errors in products containing mil- 
lions of lines of code. As code size and complexity 
increase year by year, is it any wonder your information 
needs continue to grow as well? BZ Media developed the 
Software Test & Performance Conference to provide you 
with the practical, how-to information that will help you 
meet these challenges and make you successful in your 
profession. 

The technical program for this conference was 
designed to serve the needs of people just like you: 
test and QA managers, development managers, test- 
focused developers and senior testers. The conference 
addresses such diverse topics as requirements man- 
agement, security testing and test automation. You 
can learn about using unit testing in an agile environ- 
ment. You can explore the fundamentals of database 
testing and how to recognize performance bottle- 
necks. Or delve into the intricacies of profiling J2EE 
applications, learn about performance tuning .NET 
applications and understand how to use metrics effec- 
tively to improve software quality. 

The three-day conference program packs in six day- 
long tutorials plus 56 90-minute classes. The faculty was 
hand-picked for its technical expertise and ability to 
communicate. You'll meet and learn from industry lumi- 
naries like Scott Barber, Ross Collard, Elfriede Dustin and 
Rob Sabourin. The program also features three keynote 
presentations to help give you a sense of where the indus- 
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try is headed and what chal- 
lenges you'll likely be facing 
next year. 

While participating in the 
technical program is impor- 
tant, equally valuable is the 
opportunity you will have to 
meet with other software pro- 
fessionals outside the class- 
room. Conference activities 
are planned so as to maximize 
your learning experience 
while leaving you time to 
compare notes with your class- 
mates and confer with members of the faculty. As an 
added bonus, the conference schedule and format will 
provide time for you to discover the latest products, 
which will be presented in the exhibit area, and pick 
the brains of the tool vendors. 

Read through the 
class listings and 
build a custom 
course of study over 
three days that will 
give you and your 
team tools and tech- 
niques that you can take back to the office and put into 
effect immediately. 

We look forward to seeing you at the Software Test & 
Performance Conference. 

Lindsey Vereen 
Conference Chairman 
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Event 



I Join hundreds of other 
software developers, devel- 
opment managers, test/QA 
managers and senior test 
professionals at the 2005 
Software Test & Performance 
Conference! 

More than 60 classes and full-day tutorials cover 
software test/QA and performance issues across 
the entire application life cycle, making this event 
appeal to a higher level and more diverse group of 
development and test/QA professionals than tra- 
ditional training programs for test-team members. 

Developing for the Web? Using .NET, J2EE, or 
Eclipse? Worried about SQL injection, buffer 
overflows and hackers? Managing test automa- 
tion across many locations? If you are a software 
developer trying to wring better performance out 
of your software systems, a test/QA or develop- 
ment manager responsible for improving the qual- 
ity of your company's software or a test/QA spe- 
cialist who wants to take your skills to a higher 
level, then the Software Test & Performance 
Conference is for you. 

The Software Test & Performance Conference 
provides you with education on the newest tech- 
niques, such as agile methods and testing with 
JUnit. The faculty will share tips and tricks to 
improve fundamental practices such as functional 
testing, requirements gathering and load testing. 
You'll learn ways to implement quality assurance 
across the entire application development life 
cycle, how to pinpoint and fix performance bottle- 
necks and how to adapt familiar testing para- 
digms for emerging technologies. 

Attend the Software Test & Performance 
Conference on November 1-3 in New 
York City — because when it comes to 
improving software quality, education is 
the real Best Practice! 
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way to get exposure to a variety of subject matters and views from 
ny people. Makes you realize your strengths and weaknesses." 



— Joyce Bordley, Business Systems Consultant 
AIG 



FULL-DAY TUTORIALS 

I Tuesday, Nov. 1 
9:00 a.m. - 5:00 p.m. 

T-1 Delivering Test Automation Success 
Through People, Methods & Tools 

By Hans Buwalda 

Successful test automation is vital to increasing the efficiency of 
QA efforts. If they're done correctly, it's possible to develop tests 
earlier, run them faster and repeat them more reliably when the 
software under test becomes available. Many organizations now 
recognize that it is critical to make the right choices in organiz- 
ing the work, developing the tests and architecting the automa- 
tion, whether scripted or non-scripted. 

This tutorial presents state-of-the-art techniques — includ- 
ing data-driven testing, keyword-driven testing, and scripted 
and non-scripted automation — that can help deliver test 
automation success. As a framework, the class will use Action 
Based Testing, which has been proven effective and efficient 
for many testing organizations around the world. An impor- 
tant focus for the day is the managerial perspective, such as 
how to set up the right team and how to gain commitment from 
managers and other stakeholders. 

You will learn: 

• Effective integration, fine tuning and management of 
testing and test automation. 

• How to apply good test design techniques, such as Soap 
Opera Testing. 

• How to use frameworks like action-based testing to 
ensure visibility, maintainability and scalability. 

• How to incorporate an automation framework along 
with your existing process. 

• How to optimize the use of your testing staff's diverse 
skill sets. 

T-2 Twenty-One Ways to Spot — and Fix — 
Requirements Errors Early By Robin Goldsmith 

While many organizations have begun paying closer attention 
to defining requirements, few fully realize the need to know that 
their requirements are accurate and complete, nor do many know 
how to test requirements effectively. Most rely on one or two 
weak methods and have little awareness of how many errors 
they've missed — errors that later turn into expensive feature 
creep. This interactive class explains why it's so hard to test 
requirements, and it introduces 21 increasingly powerful meth- 
ods to help you find frequently overlooked requirements errors 
when they are easiest and least expensive to fix. 

Following the instructor's proven CAT-Scan approach, par- 
ticipants apply the techniques successively to a real case and 
discover how each different method reveals additional, oth- 
erwise overlooked defects in the requirements. Participants 
learn ways to find previously overlooked requirements, 
increase meaningful customer/user involvement, enhance 
communications and understanding, and test the adequacy of 
requirements definitions. 
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T-3 Testing Quasi-Agile Projects: AffiVU 

Practical Strategies for Today's Iterative 
Development Environment 

By Timothy D. Korson 

In the highly iterative, fast-paced environment of agile devel- 
opment projects, the traditional approaches to testing, quali- 
ty assurance, requirements gathering and team interactions 
break down. QA managers trying to encourage best practices 
recommended by CMMI and SPICE find themselves at odds 
with developers trying to adopt best practices as recommend- 
ed by the Agile Manifesto. 

In the end, no one wins. Because of the constraints of cor- 
porate policies and management edicts, developers can't ful- 
ly adopt agile practices. Because the developers do adopt as 
much of the agile process as they can get away with, the QA 
team finds that traditional approaches to quality management 
no longer work. Such projects must succeed in a "quasi-agile" 
development environment. 




This tutorial will introduce you to software development 
processes and practices that affect your world. You will learn 
practical strategies for effectively integrating testing processes 
with modern software engineering processes. You will learn 
how to create effective tests, both component-level and system- 
level, for modern software systems. Detailed case studies will 
convey specific techniques for testing both components and 
entire systems. 

T-4 Testing Techniques: Theory AfEl/lf 

And Application By BJ Rollison 

This tutorial presents the formal theory and practical applica- 
tion of functional (behavioral) and structural (coverage) testing 
techniques. The class will teach functional testing techniques, 
including exploratory testing, boundary value analysis, equiva- 
lence class partitioning and combinatorial analysis. Structural 
testing techniques covered include statement coverage, decision/ 
branch coverage, condition and basis path coverage. 

By attending this tutorial, you'll learn how to use function- 
al testing techniques to establish a solid foundation and min- 



"Extremely informative, and talking to the colleagues in the f 

was incredibly enlightenh 



-Shari Pag ley, Testing Supervisor 
Sunrise Senior Living 
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imum baseline of test cases. You'll understand how structur- 
al testing techniques can be used to design additional tests 
from a white box approach to complement the test effort, to 
ensure that critical paths in the code have been exercised, and 
to achieve higher code coverage results. You will also learn 
how to apply both black box and white box test design 
approaches to test more effectively. 
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T-5 Using Metrics to Improve 
Software Testing 

By Alfred Sorkowitz 

Software metrics can improve your organization's testing process 
by providing insight and early visibility into the real status of 
the testing effort, and in making assessments as to whether 
progress, productivity and quality goals are being met. This tuto- 
rial presents a practical guide on how to take advantage of new 
metrics tools/techniques to improve the testing process. The 
metrics-based tools and techniques have successfully been used 
by software test teams, software developers and test/QA teams. 
Some of the things you will learn in this tutorial include: 

• The cost of inadequate software testing: the economic 
impacts of poor testing, from a recent report by the 
National Institute of Standards and Technology. 

• A set of government/industry best practices metrics, 
with numerous examples, variations and case studies. 
These metrics can track the real status, quality and 
productivity of the testing effort, as well as provide 
an indication of future problems. 

• Software Complexity Metrics, a new structured testing 
methodology that uses metrics to aid in developing 
software that is easier to test and maintain, and for 
selecting an appropriate set of paths for more thorough 
testing. 

• An overview of testing concepts and principles, includ- 
ing a metrics-based testing procedure that can aid in 
improving the quality of unit testing. 

• How to integrate software metrics into the testing process. 
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T-6 Hands-on Testing Patterns: 
Best Practices From the Trenches 

By Matthew Young 

Most every software professional, from developer to manager, 
has heard of design patterns. These universal best practices tools 
express, in a common language, the tribal knowledge of a host 
of development experts. These same lessons can be applied to 
testing at all phases of the testing effort, from unit test through 
integration and system acceptance. 

This tutorial will teach you how to use testing patterns as a 
means to collect the common knowledge of what to do (and not 
to do) within a testing effort. The instructor will introduce the 
language and details of each pattern, walking the participants 
not only through the patterns, but also through the application 
of the patterns to an actual project. The course will focus on pat- 
terns and their application to testing techniques to address: 

• Unit testing 

• Integration testing 

• Database testing 

• Web services/Web application testing 

• Acceptance testing 

Attendees are assumed to have an understanding of an OO-based 
coding language such as Java, C++ or Perl (code examples will be 
discussed) and a basic understanding of the mechanisms of the 
xUnit (JUnit, CPPUnit, PerlUnit) family of testing frameworks. 
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101 Fundamental Rules of Security 
Testing By Elfriede Dustin 

Software security is becoming increasingly important. QA and 
test will have to get involved in security testing, and security 
testing has to be viewed as part of the software development 
effort. This class discusses both how to fit software penetra- 
tion testing into the development life cycle, and how to secure 
your software by trying to break it. 

This overview of security testing covers key topics including: 

• How to protect Web and application servers. 

• Securing site data and user confidential information housed 

in database servers. 

• The danger that components such as ActiveX controls and 

cookies can pose for exploits and loss of user privacy. 

• How to protect transmission of critical user data, such as 
payment and other private information, via secure protocols. 

• High-level strategies for testing the security of your Web 
site — strategies that can be used as the basis for security 
test case development. 

102 Putting the User Back in User Af£|/|/ 
Acceptance Testing By Robin Goldsmith 

User acceptance testing (UAT) is often a source of consternation. 
Even though the process takes up considerable user time, too many 
defects continue to slip through, and users increasingly beg off 
from participating with claims that they don't have the time. Both 
effects may be symptoms of professional testers' mistaken conven- 
tional wisdom about the nature and structure of UAT. In this eye- 
opening presentation, you'll learn ways to gain user confidence, 
competence and cooperation. Plus, you'll learn to create user-driv- 
en UAT that increases user testing competence and confidence. 

103 How to Optimize Your Web Testing Strategy 

By Hung Q. Nguyen 

One of the key strategic challenges of Web testing is the domi- 
nance of change. Another key challenge is interdependence. 
Web applications are fundamentally dependent on cooperating 
tools and processes. Many of the processes, tools and standards 
in use by groups that do Web testing were originally devel- 
oped with simpler and less dynamic situations in mind. 

Used by skilled and thoughtful people, in the context of a 
clear strategy, these processes and tools can add value. But if 
we allow them to drive our testing practices, they can easily 
do more harm than good. In this talk, you will learn how to ana- 
lyze and optimize your Web testing strategy by selecting the 
right types of tests, how to execute them at the right time with 
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a balanced number of cycles, and how to drive changes to improve 
your team's testing throughput. 



104 Performance Tuning ASP.NET 
Applications By Thomas O'Mara 

Take a look under the hood at performance tuning an ASP.NET 
application from a systems point of view. This class will help 
you understand how to set up a solid testing infrastructure, gain 
an in-depth intuition on critical .NET and ASP.NET components, 
and monitor the operating system and the ASP.NET application 
in real time. Attendees should have some knowledge of Windows 
Server 2003, the .NET Framework, ASP.NET application devel- 
opment and load testing techniques. 
In this class you will learn: 

• Architecting the foundation: system analysis, application 
requirements and specifications, and overall application 
and system objectives. 

• The .NET Framework: how to increase performance and 
reduce system resources requirements in the application. 

• ASP.NET Controls from a performance standpoint: Look 
at the important controls that can cause application 
bottlenecks. Discuss tips on how to implement the 
controls from a best practices point of view. 

• Performance counters: Identify and discuss a proven set 
of performance counters on Windows Server 2003 that 
will provide the real-time feedback necessary for 
locating performance and memory issues. 

• Performance data analysis: a look at fundamental 
statistics and how to apply these to real-world 
examples. 

105 How to Turn Your Testing Team Into A 
High-Performance Organization By Michael Hackett 

All development managers, test managers and their organiza- 
tions are looking for ways to improve quality. Quality improve- 
ment can come in many forms: reducing risks by delivering high- 
er- and predictable-quality product; optimizing time-to-market; 
increasing productivity; and building a more manageable organ- 
ization. Some managers look for quality improvement by attempt- 
ing to implement a more standard or formal process. 

This sounds good. But where is the roadmap for how to get 
there? This class can help! You'll learn how to evaluate your test 
process and strategy, create a culture for change, implement 
change, and use effective methods for measuring improvement. 

106 Creating Your Own Test Aff 1/1/ 
Automation Tool By Christopher Valorose 

It seems like everyone wants to or needs to automate manual 
testing, for a variety of reasons. Companies will go out and spend 
thousands of dollars to buy an off-the-shelf tool, only to find the 
tool sitting on the shelf years later. So why spend the money on 
shelfware? Why not build your own automation tool that is fully 
customizable? This class will detail the process of creating your 
own automation framework. The framework will allow you to plug 
in products that need to be tested. The automation framework con- 
tains detailed logging, and it records test results into a relational 
database. It also is completely data- and action-driven. Testers can 
change the setup, execution, cleanup, and/or expected results ver- 
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ification without changing a line of source code. 

The class will show you how to create an automation frame- 
work and will demonstrate the return on investment of using a 
single framework that can execute automated tests across multi- 
ple products. 

107 Better Web Stress Testing 

By Robert Sabourin 

Stress testing is a collaborative testing effort combining the skills 
and disciplines of both software development and software test- 
ing. You know you should be doing stress testing; you're just not 
sure when to test most effectively. 

This class explores effective stress testing, which is particular- 
ly important to developers in Internet multi-tier development proj- 
ects, and it also discusses how stress testing can be managed as a 
series of experiments to learn about the behavior of the software 
being developed. You'll learn how to define and organize stress 
testing experiments, how to identify appropriate ways to imple- 
ment stress testing in the development process, and some practi- 
cal and cost-effective techniques for implementing stress testing. 
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201 Pinpointing and Exploiting Specific 
Performance Bottlenecks 

By Scott Barber 

One part of the system is always slowest — the bottleneck. Until 
you remedy that bottleneck, no other tuning will improve per- 
formance along that usage path, but before you can tune it, you 
must first conclusively identify it. Once the bottleneck has been 
identified, the resolution can be reached more quickly if you 
modify your existing tests to eliminate distraction from ancillary 
issues. Pinpointing the bottleneck precisely is an art all its own. 

After finding the bottleneck architecturally, often we must 
create a test to exploit it to facilitate tuning. Bottleneck exploita- 
tion tests needn't bear any resemblance to real user activity, 
but rather should focus on the bottleneck alone. In fact, these 
tests may not even interact with the system in ways that users 
can and may interact directly with back-end tiers. 

This class will show how the performance testing team and 
the development team can work collaboratively to analyze results 
and identify bottlenecks by tier, component and object. You'll 
see how to design tests to exploit those bottlenecks for tuning 
purposes with examples using IBM Rational and free tools. 

202 Software Endgames: How To 
Finish What You've Started 

By Robert Galen 

We've all survived more than one software project that ended 
badly, where either the requirements were misunderstood or 
were implemented poorly. Or overall quality targets couldn't 
be met because there were simply too many defects. Or the team 
simply couldn't decide on priorities and in which direction 
to steer the project. 

Many projects fail during testing. Not because of the testing per 
se, but because of the massive discovery of defects and function- 
al gaps that indicate the true viability of the project. I call this time 
the Software Endgame, and I've spent a great deal of time negoti- 
ating its challenges through numerous software projects. 

This presentation focuses on a set of five high-level practices 
and techniques that will help improve your management and 
project steering within the endgame, providing guidance that 
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will increase the odds of your successfully delivering a project. 
You'll learn: 

• How to create an endgame delivery map that directs your 
release and testing milestones via entry/exit criteria. 

• The importance of release criteria within the endgame, 
and high-level rules of thumb for defining them. 

• Why a change-control mechanism is important, and some 
guidelines for successful change control. 

• Managing defect repairs — where to focus your efforts 
and scheduling rules of thumb — plus the many options 
you have for "fixing" defects. 

• Endgame team do's and don'ts for managers and team leaders. 

203 Seven Low-Overhead Software Process 
Improvement Methods 

By Robin Goldsmith 

For many, software process improvement is synonymous with 
high-overhead, long-term, organization-wide initiatives that often 
are resisted and fail to produce the desired results. 

In this interactive presentation, you'll learn seven methods 
that can help you make software faster, cheaper and more reli- 
able without all the hoopla. Key to meaningful results is recog- 
nizing, measuring and then specifically improving high-payback 
aspects of the instructor's proven REAL software process, which 
often differs considerably from what we presume we are doing. 
In truly agile fashion, applying these methods proficiently focus- 
es efforts most efficiently on effectively producing useful soft- 
ware from the start. 

204 Learning From Failures Before Aurm 
They Happen: Failure Analysis ■•clflf 
Techniques for Software Engineering 

By Matthew Young 

This class teaches the practical software engineering application 
of preventative fault-analysis techniques — important practices 
that are often thought of more in the context of reliability and 
hardware engineering efforts. 

By placing these tools into the early stages of software engi- 
neering, organizations can begin to move out of the "triage" mode 
of testing/debugging and into the diagnostic testing and error pre- 
vention required to produce the high-quality systems demand- 
ed by the customer. 

Through careful analysis and a customer-focused view, these 
potential failures can be identified early on in a project and used 
to drive architecture, development and testing activities. The 
goal? To increase system quality and help to ensure overall accept- 
ance — before system faults and failures reach the customer. 

You'll learn: 

• The practices, benefits and pitfalls of a failure-mode 
analysis program. 

• How to build a culture that views failures as a process 
and not just a single event. 

• Root-cause techniques to stop the cycle of "triage testing." 

• Practical ideas for implementing fault analysis on your 
projects — from the smallest grassroots efforts to large- 
scale formalized systems. 

• Methods for selling a fault-analysis effort to manage- 
ment as a means to improve the quality, reliability and 
maintainability of the software system. 

205 Integrating the Testing Team Into The 
Software Development Life Cycle 

By Elfriede Dustin 

This class teaches, from experience, key concepts and practices 
that can help you implement an efficient testing program as an 



integrated part of the software development process. You'll learn 
how to produce quality software without an independent test- 
ing team, and what to consider so the integrated software devel- 
opment team will be able to deliver on time and on budget. 
The class will cover: 

• How a testing team can maintain independence even if 
the development and testing teams have the same report- 
ing structure. 

• Roles and responsibilities of "integrated" testing team 
members. 

• Developing test cases when requirements are not avail- 
able or are documented only at a very high level. 

• Why black box testing by itself is inefficient, but gray 
box testing is more efficient. 

• Why an understanding of the system architecture and 
underlying components is necessary in order to devel- 
op effective gray box test cases. 

• How system testability can be increased. 

• How the development approach can be structured to 
support effective unit testing. 

• How to prioritize defects in order to meet the go-live date. 

• How to manage the "silver bullet" expectations surround- 
ing automated testing. 

206 Database Security: How 
Vulnerable Is Your Data? 

By Mary R. Sweeney 

There are many levels of software security. How secure is the most 
important component of your application: your database? Quality 
control organizations must step up to the challenge of ensuring 
data security with appropriate tests that focus on this vital area. 

In this class, you'll learn what your test team needs to know 
about protecting your server, your database connections, control- 
ling access to your database tables and restricting access to the 
database server itself. If your data is in jeopardy, your entire sys- 
tem is at risk. Learn the basics about testing to ensure protection 
for the critical database component. 

207 Load Generation in Complex AfE|/|/ 
Environments By Alexander Podelko 

A "must" task in load testing is workload generation: how you are 
going to apply load to your system. You cannot do load testing with- 
out that. It can be a simple technical step when you know how to 
do that for your system. Unfortunately, quite often workload gener- 
ation is a very challenging task for a new system, up to being impos- 
sible in the given time frame. It is important to understand all pos- 
sible options; a single approach may not work in all situations. 

The main choices are to generate workload manually (really, an 
option only if you have few users), to use a load testing tool (soft- 
ware or hardware) or to create a program to do it. Many tools allow 
you to use different ways of recording/playback and programming. 
The class discusses pros and cons of each approach, mainly based 
on experience with distributed business applications. 
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301 Just-in-Time Testing Techniques And 
Tactics, Part 1 By Robert Sabourin 

As the Boy Scout credo goes, "Be Prepared." This class teaches 
you how to be ready for just about anything in a software testing 
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project within the volatile environment of a Web or e-commerce 
software project. Managers will learn an array of techniques to 
manage and track software testing in chaotic environments — specif- 
ically, projects with continuously changing requirements and shift- 
ing priorities. Members of the development and testing teams will 
learn how, even while working with minimal information, to devel- 
op tests and converge the product development effort. 

302 Overcoming Requirements-Based £lflr 
Testing's Hidden Pitfalls By Robin Goldsmith 

Testing based on requirements is a fundamental method that is 
relied on extensively. However, its thoroughness frequently can 
be compromised by traps that testers are not aware of. 

In this interactive presentation, you'll learn key sources of 
requirements-based testing oversights, including: distinguishing 
business requirements from system requirements; assessing the 
extent to which the requirements are complete; the premise of one 
test per requirement; the appropriate level of test case detail; and 
developers' inclusion of requirements-based unit tests. The class 
will also focus on: 

• The strengths, and often unrecognized weaknesses, of 
requirements-based tests. 

• The importance of testing based on business, as well as 
system, requirements. 

• Determining how many tests a requirement needs. 

303 Web Performance Testing: Lessons Learned 

by Hung Q. Nguyen 

Performance testing is essential to success on the Web. It gives 
a business the confidence that when a Web-based system 
receives its expected customer load each day — perhaps with 
sudden bursts of traffic due special events, such as promotion- 
al campaigns for an e-commerce site, or breaking news for a 
news portal — it will be able to handle the workload while con- 
tinuing to deliver an acceptable response time. Unfortunately, 
planning for and executing the tests that will deliver satisfying 
results is too often a disappointing experience. 

You will learn what you need to prepare for success, as well as 
how to avoid wasting time and producing non-actionable test 
results. You will know how to generate test requirements in the 
dark, understand your statistics before collecting them, and dif- 
ferentiate performance symptoms, causes and potential cures. 

304 Lessons Learned in Test Automation, Part 1 

by Elfriede Dustin 

This class will present and discuss a series of automated test- 
ing lessons learned from actual experiences and feedback from 
real projects. You'll learn how to avoid some typical false starts 
and roadblocks when you implement your test automation efforts. 
Part 1 of this class includes a discussion of: 

• Better ways to define automation criteria. 

• How to avoid duplicating the development effort when 
designing automated test cases. 

• How to create reusable automated test cases. 

• The need to verify all vendor claims in your own 
environment. 

• The pitfalls of delegating the tool selection to a reseller or 
consultant — avoiding hidden agendas. 
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• Testing tools: making the build-vs.-buy decision, and how 
to select the right tools. 

• Automated test implementation on all projects, vs. 
choosing a pilot project. 

• Tool integration: how to avoid using various tools and 
maintaining duplicate information in various repositories. 

You'll also learn how to avoid losing sight of the testing efforts 
because developers or testers are too busy coming up with elab- 
orate scripts to automate their unit and system tests. 




305 Metrics: How to Track Things That Matter 

By Clyneice Chaney 

Metrics programs have often been a dirty word, misused and 
poorly implemented. This class discusses ways to provide met- 
rics that really matter to organizations and provide visibility into 
their or their customers' organizations. The class will begin with 
discussions about why metrics programs fail and will move on 
to discuss keys to successful metrics programs, developing qual- 
ity metrics that matter, and ways to implement and maintain 
these metrics over time. 

306 Verifying Software Robustness 

By Ross Collard 

Do you like breaking things? If so, this session's for you! It's not 
enough to design systems for dependability; we have to verify their 
reliability as well. Software is robust if it can tolerate such prob- 
lems as unanticipated events, invalid inputs, corrupted internal- 
ly stored data, improper uses by system operators, unavailable 
databases, stress overloads and so on. Systems that include both 
hardware and software are robust if they can tolerate physical prob- 
lems such as equipment damage, loss of power, software crashes 
and so on. Since these problems can and do occur in live opera- 
tion, this session examines how to evaluate a system's robust- 
ness within the relative sanctity of the test lab. 
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307 Recruiting, Hiring, Motivating And 
Retaining Top Testing Talent 

By Jeff Feldstein 

The expectations today are for increasingly high-quality software, 
requiring more sophisticated automation in testing. Test and QA 
teams must work more closely with development to ensure that 
this sophisticated automation is possible. This has led to soft- 
ware engineers applying creativity, talent and expertise to not 
just application development, but testing as well. 

The speaker uses examples of how his team at Cisco changed 
the way it tests over the past six years. In this class, he'll review 
eight points for why test is a better place for software develop- 
ers than software development, and he'll show how and when 
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to express these points to hire, motivate and retain top talent. 
You'll see how to inspire greater innovation and creativity in your 
testing processes, and how to manage and inspire test and devel- 
opment teams that are spread across different locations. You'll 
also learn the place of manual testing in the new environment. 
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401 Justin-Time Testing Techniques And 
Tactics, Part 2 By Robert Sabourin 

Please see the description under class 301. 

402 Building Collaborative Performance 
Testing and Tuning Teams 

By Scott Barber 

Performance testing tells us the current performance of our sys- 
tem; performance analysis tells us what the current performance 
issues are. But what happens after that? Typically, the perform- 
ance tester gives the results to the development team and waits 
to be told to "Try the test again." This class will show you how 
to build a collaborative testing and tuning team, involving both 
the performance testers and the development team, to greatly 
enhance the performance testing and tuning process. 

403 Making the ROI Business Case 
For Testing Techniques 

By Robin Goldsmith 

Increasingly, management demands a demonstration of financial 
return on investment (ROI) before investing in techniques and 
technology. However, testers traditionally have found it hard to 
credibly quantify the dollar value of testing techniques, which 
puts them at a disadvantage. This class teaches basic ROI con- 
cepts and how to apply them to evaluating testing alternatives, 
such as automated tools. You'll learn: 

• How to assess both the investment and the return in the 
language of business. 

• How to do value modeling that will provide essential 
credibility for dollar figures. 

• How to put hard, dollar values on soft intangibles. 

404 Lessons Learned in Test Automation, Part 2 

By Elfriede Dustin 

We continue to explore automated testing lessons learned from 
actual experiences and from feedback based on real projects, to 
help you to avoid some typical false starts and road blocks when 
you implement test automation efforts. 

Part 2 of this class includes discussion of: 

• Subject-matter experts and automated testing tools. 

• When automated testing doesn't speed up the testing 
effort. 

• Creating mini-development life cycles. 

• Automated testing as a side activity. 

• Maintenance of automated unit and system tests. 

• Real benefits of automated testing. 

• Implementing smoke tests. 

• Problems with using intrusive automated testing tools. 

• Why software developers need to keep automated 
testing tools' capabilities in mind. 

• Understand tool upgrades and how the new tool's 
features will affect existing test cases or existing 
functionality. 

• Pitfalls of using automated performance testing tools. 

• Performance testing tools and the use of extrapolation. 
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405 Using Scrum to Manage The 
Testing Effort By Robert Galen 

Scrum is one of the agile methodologies, and it focuses on 
project management in agile and iterative development efforts. 
It can be successfully applied to testing efforts to renew their 
focus and drastically improve overall results. In this presenta- 
tion we will explore the Scrum methodology and learn to 
apply it practically to your testing cycles. 
You'll learn: 

• How the Scrum methodology applies to the testing effort. 

• How to define a testing sprint goal with your key 
customers. 

• How to manage testing as a product backlog activity, 
including defining the testing focus with the customer. 

• The value of daily stand-up meetings in managing the 
testing cycle, and how to implement them correctly. 

• Why a testing sprint review is important to set the stage 
for the next testing cycle. 

406 Exploiting Web Application Code: Uijemu 
The Methodologies and Automation Of 1 *W 
SQL Injection By Matthew Fisher 

SQL injection is a technique for exploiting Web applications 
that use client-supplied data in SQL queries without stripping 
potentially harmful characters first. Despite being remarkably 
simple to protect against, there are an astonishing number of 
production systems connected to the Internet that are vulnera- 
ble to this type of attack, due to the simple fact of improper input 
validation. 

Developers and quality assurance professionals who design, 
build and test business-enabling applications generally lack 
the security knowledge necessary to avoid creating common 
defects that are so easily exploited by hackers. 

In this class, you'll learn about the techniques that can be used 
to take advantage of a Web application that is vulnerable to SQL 
injection. The session addresses proper mechanisms that should 
be put in place to protect against SQL injection, as well as over- 
all improper input validation issues. 

407 Failure Modes: Understanding 
Common Failures in Application 
Performance By Ron Bodkin 

Java and .NET applications exhibit new and complex forms of 
failure, due to the interactions of distributed components. 
However, these can be organized into three overall failure modes: 
episodic, emergent and systematic. Episodic failures cause spo- 
radic and unpredictable problems in application performance. 
Emergent failures cause gradual or trending performance degra- 
dation that can easily be observed, provided you have the cor- 
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problems that make a system unusable (under sufficient load), 
and these have traditionally received the most attention in opti- 
mization and monitoring. 

This class discusses the patterns of application failure, with 
some common examples in Java; techniques available for iden- 
tifying and fixing these failures; and how various tools can facil- 
itate in resolving them. Attendees will be best served by having 
experience in developing, testing or managing component-based 
applications running on J2EE and .NET. Examples are drawn 
from Java-based applications, but the principles apply to other 
environments as well. 
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501 Seven Steps to Building a Better Bug 
Workflow System 

By Robert Sabourin 

This class addresses one of the fundamental questions of soft- 
ware engineering: "How do we know we are finished?" Managing 
bugs is a critical part of any software development project. In this 
highly interactive class, we'll explore the concepts of bug pri- 
ority and severity, and you will learn how the priority and sever- 
ity of bugs vary depending on a blend of the business and tech- 
nical contexts. 

Development, project and SQA managers will learn a system- 
atic approach to defining how defect data can be managed. Lead 
developers and testers will learn how they can contribute to 
the entire bug workflow life cycle. Which bugs should we fix? 
Which bugs should we keep? How can we decide consistently? 

502 Rapid Business-Driven Testing 

By Clyneice Chaney 

Structured testing is a vital part of any development project. The 
problem is that almost no one is given the time and resources to 
properly execute a thorough test process. In an ideal world, rapid 
testing would not be necessary, but with most development proj- 
ects there are schedule crunches and times when a quick assess- 
ment of the product quality is necessary. 

Rapid testing is a way to scale thorough testing methods to fit 
arbitrarily compressed schedules. "Rapid" doesn't mean "not 
thorough," but it does mean as thorough as is reasonable given 
constraints on time. In this class, you will learn how to use new 
Rapid Business-Driven Testing techniques, methods and tem- 
plates that will increase product quality in rapid development 
projects. ^^^^ 

503 Strategies and Tactics for Global ™Wf 
Test Automation, Part 1 By Hung Q. Nguyen 

We automate software testing to gain speed. We organize our dis- 
tributed teams globally to maximize round-the-clock coverage 
and cost efficiency. Both solutions fulfill legitimate objectives. 
However, implementing them successfully while keeping the 
risks contained with a high degree of certainty proves to be an 
enormous challenge. 

In this class, through a series of technical and management 
case studies and real-life examples, you will learn about seven 
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steps that will deliver return on investment through a global test 
automation program. You'll learn how to: 

• Assess testing strategy and needs. 

• Know when and how to leverage automation technology to 

maximize speed. 

• Minimize the costs and risks of global resources. 

• Select the right test automation technology for the job. 

• Align testing with business processes and development 
practices. 

• Secure and develop competent resources. 

• Measure, analyze and optimize for continuing improvement. 

504 Testing Tools Inside Eclipse Af£|/|/ 

By Joe Toomey 

The Eclipse Test and Performance Tools Platform (TPTP), for- 
merly known as Hyades, provides a flexible, layered infrastruc- 
ture for integrating testing tools inside the Eclipse Workbench. 
This talk will explain the various approaches to integrating 
test editors, test-control and runtime user interfaces, test defi- 
nitions, test execution engines and test results in TPTP 4.0, as 
well as the benefits that accrue from this integration. The talk 
will be illustrated with references to the exemplary tools provid- 
ed by TPTP itself for manual testing, and it will show how URL 
testing and integration of JUnit testing provide an effective test 
toolkit for the Eclipse ecosystem. 




505 Testing XML By Elliotte Rusty Harold Af£|/|/ 

More and more applications are generating XML docu- 
ments as their primary or secondary output. XML is much easi- 
er to parse than traditional formats. At the same time, it has many 
syntactic options that make testing output more difficult than 
testing traditional, less rich formats. Simple string comparison 
is often too naive to properly test XML. 

This class explores the challenges and pitfalls of testing XML 
documents. It explains what to look for when testing XML doc- 
uments and, even more important, what to ignore. We'll consid- 
er various tools for testing XML, including parsers, schemas, 
DTDs, canonical XML and XPath. Finally, we'll discuss automat- 
ing tests by writing JUnit test cases that use XML APIs such as 
DOM to compare the actual output to the expected output. 

506 Performance Management ^ 
Throughout the Application Life Cycle Wfl/|/ 

By Ron Bodkin 

Application performance must be managed throughout the entire 
application life cycle — from analysis to design, through develop- 
ment, testing and production, and throughout the ongoing cycle 
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of monitoring and new releases. The requirements for tools sup- 
port vary by life-cycle stage. Virtual-machine improvements, code 
profilers, performance unit tests, load test generators, enterprise 
management systems, application performance monitoring and 
even business activity management software each address spe- 
cific requirements across various stages of the application life cycle. 

This class will review best practices for ensuring application 
performance and reliability, and will look at effective tools and 
techniques both old and new. We will discuss the types of prob- 
lems that are most typically encountered at the various life-cycle 
stages and review the advantages and disadvantages of the vari- 
ous tools available to assist in performance management within 
each segment of the cycle. We'll also dig into more detailed exam- 
ples for Java-based applications. 

Attendees will be best served by having experience in devel- 
oping, testing or managing Web-based applications. Examples 
are drawn from Java-based applications, but the principles apply 
to other environments as well. 

507 Avoiding the Finger of Blame: AfE|/|/ 
Bringing Development and Testing 
Together With the Business Side By Jim Carty 

As the former manager of a software development team of 125 
analysts, developers, system testers and unit testers, this speak- 
er found there were many times where a team's effectiveness and 
ability to deliver were strongly influenced by its ability to work 
effectively with the business side and other stakeholders in the 
organization. 

This class will feature real-world examples of how to build 
a better bridge between software development, testing and per- 
formance tuning teams and the ultimate customer, the business 
user. In this class you will learn: 

• Ways to understand the perspective of the ultimate end 
user, and what it means for you. 

• How to manage expectations better. 

• How to extract better requirements, and how to get full 
buy-in when you do. 

• How to deal with test tool vendors — making sure they 
are working for you and not against you. 

• How to recognize warning signs that the Finger of Blame 
is moving in your direction, and what to do about it. 

• How to develop and deliver your value proposition to 
the business side. 
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601 Designing and Utilizing Test 
Matrices By Duri Price 

If we're dealing with a large number of variables, it can be time- 
consuming to test them all, very difficult to correctly identify 
which variables are causing a problem, or hard to get the prob- 
lem to happen consistently. This class will discuss coverage, iso- 
lation and combinatorial matrices and how they can improve 
your accuracy and speed in testing. 

602 Managing Culture Shock: A 
Journey to Organizational Change Wflflf 

By Clyneice Chaney 

An organization's culture, people, process and structure are the ele- 
ments that enable it to function. When a software organization that 
has a long tradition of doing one type of development and testing 
moves to different development and testing approaches, it can expe- 
rience significant culture change from the transition. 



This class shows how to integrate a new testing group into a 
high- visibility project and manage the resulting culture change. 
The culture change is viewed from two perspectives: the test- 
ing organization undergoing the transformation, as well as the 
development organization, which must react to and work with 
the new group. 
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603 Strategies and Tactics for Global Test 
Automation, Part 2 By Hung Q. Nguyen ^ 

Please see the class description under class 503. ■■Clrlf 

604 Effective Load Testing flfpijij 
By Alexander Podelko ™ 

Testing of multi-user applications under realistic and stress loads 
is really the only way to ensure appropriate performance and 
reliability in production. This class outlines some issues to con- 
sider in performance testing and presents the typical pitfalls from 
the practical point of view. The list is meant to contrast load test- 
ing with functional testing and is mainly based on experience 
with distributed business applications. 

The class is oriented toward people with limited load testing 
experience, although more experienced attendees could proba- 
bly find something interesting, too. 

605 Using Code Metrics for Targeted I\IEIIU 
Code Refactoring By Andrew Glover "* 

Oftentimes, candidate code for refactoring is based on subjective 
determinations. The proper uses of code metrics, such as cyclo- 
matic complexity, fan-in, fan-out and depth of inheritance, can 
also facilitate the discovery of candidate code that is in need of 
refactoring. 

For example, cyclomatic complexity is adept at spotting meth- 
ods containing a high degree of conditional logic, which, conse- 
quently, can be replaced with polymorphism, as elaborated by 
Martin Fowler. Additionally, excessively deep hierarchy trees 
create problematic testing targets, which can be broken out into 
separate objects with Fowler's Replace Inheritance with Delegation 
and Collapse Hierarchy patterns. Fan-in and fan-out are quite effec- 
tive at pinpointing brittle code, which can be refactored into a 
more stable state with a plethora of patterns, including Extract 
Hierarchy and Extract Class. 

Attendees will leave the presentation with an understanding 
of seven industry-standard code metrics; moreover, they will have 
the ability to utilize these metrics to spot "complex" code and will 
have a grab bag of techniques with which to improve the code. 
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606 Automated Database Testing: 
Testing and Using Stored Procedures 

By Mary R. Sweeney 

Today's heterogeneous data environments place an increasing- 
ly heavy burden on test engineers. Applications, whether Web- 
based or client/server, must be tested for seamless interface with 
the back-end databases; this typically goes far beyond what the 
popular test automation tools can provide. The intricate mix of 
client/server and Web-enabled database applications are extreme- 
ly difficult to test productively. As a result, today's test engineers 
are increasingly expected to know how to create and use SQL 
queries, stored procedures and other relational database objects 
to effectively test data-driven environments. 

In this class, you will learn about the increasing importance 
of testing at the database layer as an important adjunct to current 
tests. Using demonstrations and code examples, the instructor 
will present tips and techniques for creating efficient automat- 
ed tests of the critical database back end using SQL, scripting 
languages and relational database objects. 

You will learn: 

• Why testing of database objects and stored procedures 
is necessary, and why popular automated tools can't 
keep up. 

• How simple and effective automated tests can be created 
using various programming languages, like Perl and 
VBScript. 

• How to successfully test database objects, such as stored 
procedures and views, with many examples and code. 

• Specific procedures, queries, views and other relation- 
al database objects that are valuable for typical testing 
situations. 

• How these automated tests can be productively inter- 
leaved with other popular testing tools. 

607 Model-Based Testing for Java 
And Web-Based GUI Applications 

By Jeff Feldstein 

Classic test automation simply repeats the same tests (with option- 
ally varying data) until it stops failing or the application ships. The 
problem with this approach is that customers rarely flow through 
the application in the same sequence as the automation, and thus 
they are likely to find bugs that the automation missed. Model- 
based testing is a form of automated testing that brings random and 
flexible behavior to your automated test cases. 

Model-based testing can be used for many types of software 
or application testing. This class will teach how to implement mod- 
el-based testing, specifically as applied to Java and Web applica- 
tions. Part of the course includes a demonstration of model-based 
testing; you will be able to download the XDE Tester source code 
used in the demonstration. 



I Thursday, Nov. 3 
2:00 p.m. - 3:30 p.m. 

AfEitf 

701 Unit Testing for Agile Development, 
Part 1 By Rob Sabourin 

With the increasing popularity of agile development methods, 
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the role of testing is starting earlier in the software development 
cycle. Testers and developers are challenged to develop software 
at lightning speed, often using new and untested technologies. 
This class will show you how development and testing teams 
can work together to promote and implement improved unit test- 
ing. You will learn how to save your company money by finding 
and fixing bugs long before system testing even starts. Get the 
ammunition you need to convince management of the econom- 
ic and business benefits of comprehensive unit testing. 

This two-part class addresses unit testing issues within the 
context of different development life cycle models, especially 
new agile approaches, and demonstrates the tools and techniques 
needed to organize for and implement unit testing. The class is 
taught in workshop style and includes many hands-on group and 
team exercises, examples and unit testing tool demonstrations. 

Due to the interactive nature of these workshops, class size is 
limited to 30 people. 
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702 Performance Testing for Managers 

By Scott Barber 

Performance testing as an activity is widely misunderstood, par- 
ticularly by managers and others not directly involved in doing 
it. This presentation details the most critical things for managers 




to know about the performance testing process and ways to 
improve it. Learning, understanding and applying these nuggets 
of knowledge to your current or future performance testing proj- 
ects will dramatically increase your team's chances of success. 
In this class you will learn: 

• How to work with experienced performance testers to 
get the results you need, even if you can't verbalize them 
yet. 

• Why performance testing should begin well before the 
application is fully functional, and how to do it. 

• How to recognize the difference between "delivery" and 
"done" as they relate to performance testing, and how to 
assess and balance the risks inherent in each. 

• Ways to better integrate performance testing personnel 
into the development team effort, and vice versa. 

• How to create and maintain a program that will ensure 
not only that your performance testers have the tools 
they need, but that they will know how to use them and 
when to put them away. 

• Why extrapolating production loads from data collect- 
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ed on test systems is, at best, black magic — and what 
you can do to improve the accuracy of your produc- 
tion estimates. 

703 Measuring JUnit Code Coverage Af£|/|# 

By Elliotte Rusty Harold 

A comprehensive unit test suite is a necessity for a robust pro- 
gram. But how can you be sure that your test suite is testing every- 
thing it should? This class will explore different tools and strate- 
gies for measuring code coverage and for verifying that the tests 
are actually testing what they're supposed to be testing (and what 
to do when they're not). The result is not only better-tested code, 
but more robust, reliable, bug-free programs. 

704 Developing an Effective Hutu, 
Performance Testing Strategy ™™ 

By Ross Collard 

This class addresses the tester's question: How do I test perform- 
ance in a particular situation? We will review a lightweight 
methodology for developing your performance testing approach, 
which is applicable in a broad range of contexts. You will learn 
how to: 

• Factor the business and technical contexts into your 
performance testing. 

• Perform quick initial impact assessments to justify the 
performance testing. 

• Facilitate tuning, debugging, fixing, capacity planning 
and right-sizing. 

• Use risk assessment to focus and prioritize the perform- 
ance testing efforts. 

• Test for scalability. 

• Determine what loads to test with. 

• Determine what tools, equipment and facilities to have 
in the test lab. 

• Decide what to observe and where to monitor during 
testing. 

705 Testing Financial Software Af£|/|/ 
Systems By Bernie Berger 

Financial institutions make money by collecting interest on loans 
or by trading securities, not by developing software. Consequently, 
financial services (FS) systems present interesting challenges for 
software testers. Because FS technology is so broad, a key fac- 
tor for QA/test success is to recognize the specific context in 
which these systems are working. We will present three closely 
related examples as they relate to financial software systems: 

• Tradeoffs between performance and accuracy 

• The impossibility of test completeness 

• Test plan management, and measurement dysfunction 
We will examine testing methods for batch processing at retail 

banks, and contrast them with those used for real-time trading 
systems. 

We will demonstrate a method of maximizing test coverage 
while minimizing the number of test cases, called "all-pairs," 
and apply this method using the Financial Information Exchange 
(FIX) protocol. FIX is a tag-value messaging standard used to 
communicate financial data among financial market participants. 

Another issue to be discussed is the proper development of 
the test plan. FS is a regulated industry, and the test plan could 
be used as evidence in courts in the distant future. Yet the test 
plan needs to serve the project in the here-and-now. We will 
explore a multidimensional approach to evaluating test plans, 
and we'll see why some measurement techniques are often worse 
than no measurement at all. 



NEini 



706 A Manager's Guide to GUI Test 
Automation By Yury Makedonov 

Managers find themselves between a rock and a hard place when 
managing test automation. From one side they are bombarded by 
a constant stream of sales pitches promoting the "click, click, 
click" record-and-replay approach. From the other side they 
are pressed by test automation "gurus" promoting their own, 
sometimes extremely convoluted, frameworks. So, it's a chal- 
lenge for a manager to keep his or her sanity under these condi- 
tions and to make sensible test automation decisions on tool and 
framework selection and test automation management. 

In this real- world class, major myths and misconceptions are 
dispelled, and explanations are provided as to how to keep GUI 
test automation projects on track. 

This presentation includes discussion of: 

• Major principles and current industry standards of GUI 
test automation. 

• How to decide if a specific project should be automat- 
ed or not. 

• How to define a scope for test automation. 

• How to select a test tool to automate a specific applica- 
tion. 

• How to build a team for test automation. 

• How to select a test automation framework that fits your 
test automation needs. 

• Potential problems and roadblocks of test automation. 

• How to manage test automation projects. 

707 Developing Web Security Testing Expertise 
In Your Organization By Hung Q. Nguyen 

Security issues are among the highest concerns at many organi- 
zations. Nevertheless, developing and sustaining a specialized 
security testing staff with a breadth and depth of expertise is often 
beyond the reach of all but the largest companies. As an alterna- 
tive, developers and test engineers are called on to fill the gap. 
The challenge is that Web application security testing is very 
different from software functionality testing. In this talk, you will 
learn how to quickly bring your team up to speed on new skills 
to address security testing needs. To that end, you will learn 
the key differences between application security testing, network 
security testing and functional testing; how to think and play like 
hackers; the top vulnerabilities your team needs to test for; and 
some of the common tools with which you should be familiar. 
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801 Unit Testing for Agile Development, 
Part 2 By Rob Sabourin 

Please see the description under class 701. Due to the interactive 
nature of these workshops, class size is limited to 30 people. 

802 Differential Testing: a Cost- Effective 
Automated Test Approach for Large, AfE|/|/ 
Complex Systems By Rick Hower 

Differential testing is an automated method you can use in test- 
ing large, complex systems. It's especially useful in situations 
where part or all of an existing production system is being upgrad- 
ed, and the end-to-end functionality of the new system is expect- 
ed to be the same as the old one. 

This class uses a detailed case study to provide a descrip- 
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tive example of this novel and surprisingly effective approach. 
The case involves the replacement of a critical subsystem in a 
telecom billing process. In this class you will: 

• Learn how to determine if differential testing will be 
useful for a project. 

• Obtain some useful methods for selecting appropriate 
automated test data. 

• Discover critical factors affecting the success of 
differential testing. 
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803 Accelerate Testing Cycles With 
Collaborative Performance Testing 

By Rick Cavallaro 

Testing and tuning the performance of enterprise Web applica- 
tions is a complex task, undertaken by a team that may include 
performance engineers, QA testers, architects, developers, data- 
base administrators and related project team members. The process 
is especially difficult when testers and developers are distrib- 
uted around the building, around the country or even around the 
globe. 

This session will provide a new methodology for collabora- 
tive load testing — an antidote to the iterative, multiweek process 
based on e-mail and conference calls that most organizations are 
forced to use today. Attendees will learn: 

• The drawbacks of traditional approaches to performance 
testing. 

• How to incorporate a team-based methodology for per- 
formance testing. 

• A new solution for collaborative load testing in a Web- 
based environment. 

• How this methodology helped a well-known HR soft- 
ware firm with teams distributed across Massachusetts, 
California and India to shorten test cycles and improve 
the performance of its flagship product. 

• How outsourcing can impact QA efforts, and what you 
can do to mitigate that impact. 

804 Planning and Managing a Beta Af£ty|f 
Test Program By Duri Price 

External or internal beta testing can be extremely useful, but it 
is not free. Here we'll learn how to structure and run a beta test 
program, be aware of the hidden costs, and get the best return on 
our investment of time and effort. 

805 Worst Testing Practices: How To 

Fail at Testing Without Even Trying WElflf 

By Matthew Young 

Much attention is paid to testing best practices, but as anyone 
who has tried and failed often says, we learn more from our mis- 
takes than we do from our successes. This class focuses on those 
mistakes and worst testing practices as a means to show how not 
to manage and execute a testing effort properly. Through the lan- 
guage of patterns and a universal application of worst practices, 
attendees will learn all they need to know to make their next test- 
ing effort a complete and total failure by applying such tech- 
niques as: 

• Test planning is for wimps 

• Last person hired has to test 
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• Test late, test once 

• Who needs requirements (and what is this analysis you 
speak of)? 

• Our customer is our test team, so why test here? 

• If it ain't broke, don't touch it 

• We're shipping this afternoon. Think you can test this? 

806 Profiling a J2EE Application Using AfEUl 
The Eclipse Test and Performance Tools w 
Platform By Vince Adamo 

This class will describe how to use the Eclipse Test and 
Performance Tools Platform (TPTP) to profile a Java applica- 
tion running within a J2EE container application. 

TPTP is an Eclipse technology project that provides a frame- 
work and services for test and performance tools. In this class, 
you will learn about the tracing and profiling tools provided with- 
in this framework to support Java application performance-tun- 
ing activities. 

This tutorial will provide step-by-step instructions on config- 
uring, profiling and analyzing an example Java application 
deployed to a JBoss J2EE application server. No previous expe- 
rience in profiling Java applications is required, but a general 
understanding of developing and testing Java applications will 
be beneficial. 




807 Coding Standards and Unit Aff |/|/ 

Testing — Why Bother? By Mark Lambert 

Many developers think that the industry best practices of cod- 
ing standards and unit testing are a waste of time: They require 
additional effort, but they don't seem to make your life any eas- 
ier, or your code any better. This is not surprising. 

This class explains how developers can apply coding stan- 
dards and unit testing to improve their code and prevent the 
number of problems they need to identify, diagnose and fix over 
the course of the project. The first half teaches you how to apply 
coding standards to prevent errors related to code functionali- 
ty, security and performance. The second part focuses on how 
you can extend traditional unit testing to expose reliability prob- 
lems that could lead to instability, unexpected results or even 
crashes or security vulnerabilities. We will also discuss how these 
test cases can be leveraged to build a project-wide automated 
regression system that runs in the background each night and 
immediately alerts the team when code modifications or addi- 
tions break previously verified functionality. 
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Vince Adamo is a senior 

Performance Architect for 360Com- 
merce Corp., a retail-store and enter- 
prise software vendor. Previously, he 
worked for five years as a team lead 
for performance engineering/soft- 
ware development at Vignette Corp., 
and prior to that at Valmet Auto- 
mation and United Gas Pipeline. 

Mr. Adamo has more than 20 years of experience devel- 
oping and testing software and managing both development 
and performance management teams. He has a Master of 
Computing Science degree from Texas A&M University. 

Scott Barber is chief technology officer at Perf- 
TestPlus Inc. His specialty is context-driven performance 
analysis for multi-user distributed sys- 
tems. He focuses on teaching and 
performing practical performance 
testing and analysis. His project- 
level experience has been evenly 
split between testing and analyzing 
performance for complex systems 
and mentoring organizations in the 
development of customized corpo- 
rate methodologies based on his per- 
formance testing approach. 

Mr. Barber has a master's degree in 
IT from American Intercontinental University. He writes 
Peak Performance, the performance testing column in 
Software Test & Performance magazine, and he also speaks 
at many technical conferences. 

Over the past 15 years, Bemie Berger has been a 
testing contractor, independent consultant, QA manager, 
systems analyst, supervisor and test engineer at a host of 
major firms in New York's financial community; he is cur- 
rently assistant vice president of quality assurance at 
Citigroup Derivatives Markets. He is 
active in the greater QA communi- 
ty, lecturing and publishing in var- 
ious professional venues and peri- 
odicals such as STAR and STQE. He 
also owns Test Assured, a software 
quality consulting business. 

Mr. Berger's volunteer work 
includes moderating several mes- 
sage groups, including Tester-Career- 
Support, a free, nonprofit Yahoo 
group dedicated to helping QA folks get better jobs, and QA 
on Wall Street, the goal of which is to improve the state of 
financial software systems testing. 






BOU Bodkin is the founder of New Aspects of 
Software, which provides consulting and training on appli- 
cation development and architectures, with an emphasis on 
performance management and effec- 
tive uses of aspect-oriented program- 
ming (AOP). He is also leading the 
development of performance man- 
agement tools for Java and is a mem- 
ber of AspectMentor, a consortium 
of AOP experts. 

Mr. Bodkin previously worked for 
the AspectJ group at Xerox PARC, 
where he led the first AOP imple- ^ 
mentation projects and training for 
customers. Prior to that, he was a founder and the CTO of 
C-bridge, a consultancy that delivered enterprise applica- 
tions using frameworks for Java, XML and other Internet 
technologies. C-bridge grew to 900 employees and a suc- 
cessful IPO in December 1999. 

Mr. Bodkin frequently speaks and presents tutorials at 
conferences and for customers, including presentations at 
Software Development, TheServerSide Symposium, Eclipse- 
Con, OOPSLA, Edge and AOSD. 

HanS BllWalda leads LogiGear Corp.'s action-based 

testing (ABT) research and development, and he oversees 

the practice of ABT methodology. Prior to joining LogiGear, 

he served as project director at CMG 

The Netherlands, where he was the 

original architect behind the Action 

Words approach, an integrated 

method for planning, managing and 

deploying software testing and test 

automation, now widely used 

I throughout the industry. 

Mr. Buwalda is an international- 
W ly recognized expert specializing in 
^^^^^ action-based test automation, test 
development and testing technology management. He's also 
a speaker at international conferences, delivering tutorials 
and workshops, as well as presenting testing concepts such 
as ABT, the three Holy Grails of test development, soap- 
opera testing, and testing in the cold. Recently, Mr. Buwalda 
co-authored "Integrated Test Design and Automation." He 
holds an M.S. in computer science from Free University, 
Amsterdam. 



Jim darty is president of IS Value Corp., a company 
focused on helping clients improve the performance and 
productivity of their information systems. He has more than 
23 years of experience in information systems in a variety 
of roles in management, finance, marketing, operations and 
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development. His consulting back- 
ground includes working for 
PricewaterhouseCoopers, advising the 
company on the merger of the Nasdaq 
and the American Stock Exchange. 
He has also been a CIO at several com- 
panies focusing on e-commerce ini- 
tiatives and organizational change. 

Mr. Carty's insights into IT and the 
markets have been published in mag- 
azines and newspapers and broadcast on radio, as well as 
being the topic of numerous speaking engagements. He has 
served on the faculty at Columbia University, teaching cours- 
es in e-commerce and emerging technologies, and he was 
most recently a managing director of systems at PNC Financial 
Services. 



In his five years at Empirix, Rick CdVClllarO, sen- 
ior applications engineer, has worked with hundreds of com- 
panies helping to ensure the perform- 
ance of their most critical Web appli- 
cations. A 10-year veteran of the soft- 
ware industry, he specializes in test- 
ing and application development. 

Prior to joining Empirix, Mr. 
Cavallaro served in engineering roles 
at Aviv, Workstation Solutions and 
Revelation Software. He holds a BSEE 
degree from the University of 
Massachusetts, Lowell. 



Clyneice Chaney, quality manager at Project 
Performance Corp., brings more than 16 years of testing, qual- 
ity assurance and process improvement experience. She is 
an American Society for Quality Certified Quality Manager 
and a Quality Assurance Institute 
Certified Quality Analyst. She also 
holds the Project Management In- 
stitute's Professional Project Manager 
Certification and is a 2002 Georgia 
Oglethorpe Examiner (State Quality 
Award). 

Focusing on process improvement 
and procedure development in the 
software testing and quality assur- 
ance areas, Ms. Chaney has success- 
fully led process improvement, methodology development 
and re-engineering projects for organizations wishing to 
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improve their software development, testing processes and 
tools implementation. Ms. Chaney has presented at the 
Software Engineering Institute's SEPG Conference, the 
American Society for Quality's Quality Manager's confer- 
ence and the 2004 Software Test & Performance Conference. 

ROSS Collard is president of Collard & Co., a New 
York consulting firm. While he spe- 
cializes in software testing and qual- 
ity assurance, his consulting assign- 
ments have included strategic plan- 
ning on the use of information tech- 
nology for competitive advantage, 
the facilitation of quality improve- 
ment teams, management of large 
software development projects and 
the development of software engi- 
neering practices. 

Mr. Collard has made keynote presentations at major soft- 
ware conferences, published articles, and conducted semi- 
nars on information technology topics for businesses, gov- 
ernments and universities, including George Washington 
University, Harvard, New York University and U.C. Berkeley. 
He holds a B.E. in electrical engineering from the University 
of Auckland, New Zealand, an M.S. in computer science 
from the California Institute of Technology and an M.B.A. 
from Stanford. 



Elfriede Dustin is an sqa 

manager at Symantec Corp., author of 
the book "Effective Software Testing" 
and lead author of "Automated 
Software Testing" and "Quality Web 
Systems." She is currently writing the 
"Security Testing Handbook," along 
with two security experts, to be pub- 
lished by Symantec Press (spring 
2006). She has also authored various white papers on the 
topic of software testing and is a frequent speaker at various 
software testing conferences. 

Ms. Dustin holds a B.S. in computer science and has more 
than 15 years of IT experience in various positions, such as 
QA director for BNA Software and assistant director for inte- 
gration test and deployment at CSC on the IRS moderniza- 
tion effort. 



Jeff Feldstein is currently a 
manager of software development at 
Cisco Systems Inc. During his 24-year 
career, he has been a software devel- 
oper, tester, development manager 
and computer consultant; for the past 
five years, he has been involved with 
software testing and has managed a 
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team of developers who write software test tools. His spe- 
cialties have included internetworking, real-time embedded 
systems, communications systems, hardware diagnostics and 
firmware, databases and test technologies. Mr. Feldstein has 
spoken at technical conferences nationwide. 



Matthew Fisher is a senior 

security engineer for SPI Dynamics 
and has more than 12 years of expe- 
rience in the information technology 
industry. Prior to joining SPI 
Dynamics, he worked at Computer 
Sciences Corp. and at Digex, where 
he acted as lead technical advisor on 
large-scale enterprise Web applica- 
tions for Fortune 500 companies. 

Mr. Fisher currently provides Web 
application security consulting and technical advice for a 
variety of clients, including government, health care, finance 
and manufacturing organizations. He has multiple certifi- 
cations from Microsoft, Checkpoint and ISC2, including 
CNA, MCP, CCSA, CCSE and CISSP, and has spoken on the 
topic of Web application security at numerous conferences 
for the Department of Defense, civilian federal agencies and 
the commercial sector. 

Martin Fowler is the chief scientist for 
Thought Works Inc. and is a renowned author, software con- 
sultant and speaker, bringing more than 14 years of experi- 
ence in helping corporations utilize object technology for 
mission-critical information systems. 

Prior to joining ThoughtWorks, Mr. Fowler collaborated 
with the company on the develop- 
ment of an Enterprise JavaBeans- 
based e-business application for a 
Fortune 500 organization. 

During his tenure as an independ- 
ent software consultant, Mr. Fowler 
has helped pioneer the practical use 
of some of the industry's leading 
development techniques, including 
UML (Unified Modeling Language), 
Extreme Programming, and Refactoring 
and Analysis Patterns. 

His literary achievements include authoring "Refactoring: 
Improving the Design of Existing Code"; the award-winning 
"UML Distilled, Second Edition: A Brief Guide to the Standard 
Object Modeling," "Analysis Patterns: Reusable Object Models," 
"Planning Extreme Programming" and "Patterns of Enterprise 
Application Architecture," which has also won numerous 
awards. He also edits a signature series of books for Addison- 
Wesley. 

Mr. Fowler speaks at many international conferences on 
software development. He was program chair of XP 2005 and 





of Agile Universe in 2001. He also serves as a columnist for 
IEEE Software magazine and is a founder of the Agile Alliance 
and co-author of the Manifesto for Agile Software 
Development. 



Robert L. Galen is a senior QA manager at 
Thomson/Dialog Corp. in Cary, N.C. He is also a principal 
at RGalen Consulting Group, LLC, and has held director-, 
manager- and contributor-level positions in both software 
development and quality assurance organizations. He has 
nearly 25 years of experience working in a wide variety of 
domains, from hard, real-time systems to Web-based infor- 
mation systems. 

Mr. Galen is an active member of 
ACM, ASQ, IEEE/CS and PMI. He is 
passionate about and committed to 
the profession of software engineer- 
ing and product development. He 
speaks frequently at international 
conferences (STAR, ASM/SM, 
PSQT/PSTT and QAI) and to local 
North Carolina organizations on top- 
ics related to software development, 
project management, software testing and team leadership. 

Mr. Galen is a certified Scrum Master, a member of the 
Agile Alliance and the author of "Software Endgames" (Dorset 
House, 2005). 

Andrew Glover is the 

founder and CEO of Vanward 
Technologies, a Washington, D.C., 
company specializing in the construc- 
tion of automated testing frameworks 
and tools. Before founding Vanward 
Technologies, Mr. Glover was a soft- 
ware architect for Netwhistle.com, 
where he designed and led a develop- 
ment team in the construction of an Internet-based portal for 
monitoring network applications. 

Mr. Glover's career includes leadership in software devel- 
opment for IBM, Philips Electronics and Procter & Gamble. 
He is a graduate of George Mason University in Fairfax, Va., 
and is a frequent speaker at industry 
events. Mr. Glover is a co-author of 
"Java Testing Patterns" (Wiley, 2004). 



Robin F. Goldsmith has 

been president of the Go Pro 
Management Inc. consultancy since 
1982. He works directly with and 
trains professionals in business engi- 
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neering, requirements analysis, software acquisition, proj- 
ect management, quality assurance and testing. Previously 
he was a developer, a systems programmer/DBA/QA and a 
project leader with the City of Cleveland, leading financial 
institutions, and a "Big 4" consulting firm. 

Author of numerous articles and the recent book 
"Discovering REAL Business Requirements for Software 
Project Success," and a frequent speaker at leading profes- 
sional conferences, Mr. Goldsmith was formerly internation- 
al vice president of the Association for Systems Management 
and executive editor of the Journal of Systems Management. 
He chaired BOSCON 2000 and 2001 and ASQ Boston 
Section's Annual Quality Conferences, and he is a member 
of the ASQ Software Division Methods Committee. Mr. 
Goldsmith has an A.B. from Kenyon College, an M.S. from 
Penn State University and a J.D. from Boston University. 

Michael Hackett is a founding partner of LogiGear 
Corp. and is responsible for the direction and development 
of the company's training program. He 
has in-depth experience in software 
engineering and the testing of appli- 
cations developed for deployment 
across multiple platforms. 

Mr. Hackett has helped companies 
such as Palm Computing, Oracle, 
CNET, Adobe Systems, PC World and 
The Well successfully produce, test 
and deploy applications ranging from 
business productivity to educational 
multimedia titles — in English as well as other languages. 

Mr. Hackett writes and teaches a software testing curricu- 
lum for LogiGear University, and for the University of 
California at Berkeley Extension. He is also co-author of 
"Testing Applications on the Web: Test Planning for Mobile 
and Internet-Based Systems," Second Ed., and holds a B.S. 
in engineering from Carnegie Mellon University. 



Elliotte Rusty Harold is 

an adjunct professor of computer sci- 
ence at Polytechnic University, 
where he teaches XML and object- 
oriented programming. His Cafe au 
Lait Web site has become one of the 
most popular independent Java sites 
on the Internet, and his spinoff site, 
Cafe con Leche, has become one of 
the most popular XML sites. 
Mr. Harold is a frequent contributor to IBM developer- 
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Works on subjects ranging from XML to Java to software 
testing. His books include "Effective XML," "Processing 
XML with Java" and "Java Network Programming." He's 
currently working on the XOM API for processing XML and 
the Jaxen XPath engine. 

Rick Hower is a consultant 
with more than 12 years of experience 
in software quality assurance, testing, 
process improvement and test automa- 
tion. He has worked on projects in 
areas such as finance, government, 
telecommunications, transaction pro- 
cessing, imaging/workflow systems 
and Web/Internet technology. 

Mr. Hower has provided services 
for companies such as Oracle, AOL, Visa, government agen- 
cies and a wide variety of other organizations. Since 1996, 
he has also authored and maintained the softwareqatest.com 
Web site. 



Timothy Korson has had a 

decade of substantial experience 
working on a large variety of systems 
developed using modern software 
engineering techniques. This experi- 
ence includes distributed, real-time, 
and embedded systems, as well as 
business information systems in an 
n-tier, client/server environment. Dr. 

Korson's typical involvement on a project is as a senior man- 
agement consultant with additional technical responsibili- 
ties to ensure high-quality, robust test and quality assurance 
processes and practices. 

The principal of Korson Consulting, Dr. Korson also teach- 
es at Southern Adventist University, has authored numer- 
ous articles, and has co-authored a book, "Object Technology 
Centers of Excellence" (Manning Publications). He has deliv- 
ered many lectures at major international conferences and 
has contributed to the discipline through original research. 
Dr. Korson earned a Ph.D. in business information systems 
at Georgia State. 



Mark Lambert is a member 

of Parasoft's Professional Services 
team, where he specializes in the 
application of automated error-pre- 
vention tools to the development 
process. 

With more than eight years of prac- 
tical Java experience, Mr. Lambert has 
a hands-on approach to development 
and the use of tools to improve qual- 
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ity throughout the development process. He has been a speak- 
er at numerous corporate and industry events. 



Yliry MakedoZlOV was trained as a researcher and 
worked in an R&D organization dealing with composite mate- 
rials. He has a Ph.D. degree in physics and mathematics. He 
is now using his skills and knowledge 
to improve software quality. 

Dr. Makedonov has 10 years of 
testing experience. Currently, he is 
working as a QA manager, a test 
automation manager and a senior 
consultant for the Centre of Testing 
and Quality at CGI Group Inc., a lead- 
ing Canadian provider of end-to-end 
information technology and business 
process services. 

Hung Q. Nguyen is CEO and founder of LogiGear 
Corp., a software quality engineering firm offering training, 
testing services and test automation 
products. He is author and co-author 
of several software testing books, 
including "Testing Applications on 
the Web," Second Ed., and "Testing 
Computer Software," Second Ed. 

Mr. Nguyen writes and teaches a 
software testing curriculum for 
LogiGear University, as well as for 
U.C. Berkeley and the U.C. Santa 
Cruz Extension. He holds a B.S. in 
quality assurance from Cogswell Polytechnical College, is 
a graduate of the Stanford Graduate School of Business 
Executive Program, and is a Certified Quality Engineer. 

Thomas O'Mara has more ^ 

than 25 years of experience with PC- 
based computing, ranging from Fiber 
Optic Gyroscope data acquisition 
using the stack-based FORTH lan- 
guage to Web-based applications uti- 
lizing the .NET Framework and 
ASP.NET. In between, there were C, 
Visual Basic, and various database and 
middleware initiatives. 

Mr. O'Mara has been working with and writing articles 
about .NET technology since early 2001. He has consider- 
able direct performance-tuning experience on a Web-based 
ASP.NET banking software application for large credit unions. 

Alexander Podelko is principal performance 
engineer at Hyperion Solutions in Stamford, Conn. He has 
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eight years of experience in perform- 
ance engineering and more than 15 
years of overall experience in the soft- 
ware industry. He frequently speaks 
and writes about performance engi- 
neering and load testing. 

A part of Dr. Podelko 's collection 
of performance-related links and doc- 
uments is shared on www. Alexander 
Podelko.com. He holds a Ph.D. in 
computer science from Gubkin University and an MBA from 
Bellevue University. 

Dun ±riCe works at Exceed Training to redevelop and 
enhance the Software Testing Methodology series of class- 
es, including more than 140 hours of instruction material. 

With more than seven years of senior QA management 
experience, Mr. Price has built and led the QA function for 
a variety of leading technology organizations, including 
Interlinq Software, DDI/STlabs, Testing Testing 123 and 
eSociety. While specializing in the complex process of build- 
ing an efficient QA department from the ground up, he has 
also audited and reorganized existing QA and testing organ- 
izations to fit a company's changing technical, organization- 
al and business environments. 

In 2001 and 2002 Mr. Price worked for Hall-Kinion as a 
QA/test management consultant, creating and leading the 
testing efforts for Double Jump and WRQ. 

BJ RollisOn is a technical train- 
er in the Engineering Excellence 
Group at Microsoft, where he designs 
and develops an intensive, hands-on 
technical training curriculum for new 
and experienced test engineers. He 
started his professional career in the 
industry working on developing cus- 
tom solutions for hospitals and local 
government agencies in Japan. In 1994 
he joined the Windows 95 project at Microsoft, focusing on 
the internationalization of the Windows operating system. 
In 1996, Mr. Rollison became a test manager in the Internet 
Client and Consumer Division, responsible for several client 
products and a Web server. He moved to Microsoft's Internal 
Technical Training group in 1999 as the director of test train- 
ing, responsible for planning and organizing training for more 
than 6,000 test engineers. He also teaches software testing 
courses at the University of Washington and sits on the advi- 
sory boards for software testing certificate programs at the 
University of Washington and Lake Washington Technical 
College. 
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Robert Sabourin, p.Eng., 

has more than 20 years of manage- 
ment experience leading teams of 
software development professionals 
to consistently deliver projects on 
time, on quality and on budget. 

Mr. Sabourin is an adjunct profes- 
sor of software engineering at McGill 
University who often speaks at con- 
ferences around the world on software 
engineering, SQA, testing and management issues. 



Alfred SorkowitZ, now an independent software 
consultant, was a computer scientist 
with the Department of the Navy, 
responsible for developing real-time, 
software-intensive embedded sys- 
tems. Prior to joining the Department 
of the Navy, he was director of the 
Standards and Quality Control staff, 
U. S. Department of Housing and 
■ Urban Development. 

The staff was responsible for soft- 
ware standards and SQA for all in- 
house as well as contractor-developed software. While at 
HUD, Mr. Sorkowitz initiated a successful testing procedure 
to improve the quality of unit testing that utilizes automat- 
ed tools and testing metrics. 

Mr. Sorkowitz has published papers and has presented 
seminars on software metrics, SQA and testing at confer- 
ences sponsored by the IEEE Computer Society, ACM and 
the British Computer Society. 

MaryR. Sweeney has been 

developing, using and testing relation- 
al database systems for 20 years, start- 
ing at Boeing and then with Software 
Test Labs. She has taught automated 
testing using Visual Test and Visual 
Basic and SQL database testing tech- 
niques to many companies, including 
Microsoft, Boeing, Intel, Hyperion, 
Baseline Financial, Fidelity Invest- 
ments, Reuters, Unilever and Washington 
Mutual. 

Ms. Sweeney writes articles on test automation and authored 
"Visual Basic for Testers" (Apress, 2001). Currently she is a col- 
lege professor and also does independent consulting and train- 
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ing through Exceed Training. Ms. Sweeney has degrees in math- 
ematics and computer science from Seattle University and is 
a Microsoft Certified Professional (MCP) in SQL Server. 



Joe lOOUiey is a senior software engineer at the IBM 
Rational lab in Lexington, Mass. He has ^ m . _„ 
been a committer on the Eclipse Test 
and Performance Tools project since 
its inception in 2002, leading the Test m 
Model subgroup and acting as com- 
mitter for the Test Model team and the 
Execution Environment Control group. 
Mr. Toomey also participates in sev- 
eral IBM Architecture groups. He v 
received a B.S. in mathematics and 
computer science from Carnegie Mellon 

University in 1993 and joined Rational Software in 1997. Prior 
to his work on TPTP, he was a developer on several Rational 
products, including Rational Robot, Rational Quality Architect 
and Rational XDE Component Test. 

Christopher Valorose is 

a senior principal SQA engineer at 
Symantec. He has 11 years of experi- 
ence in software quality assurance and 
is currently responsible for automat- 
ed testing across multiple products. 
Before Symantec, Mr. Valorose 
worked for Axent Technologies as a 
SQA engineer; there, he was respon- 
sible for implementing automation, 
was the lead SQA engineer for several projects, and was in 
charge of test planning, execution and reporting for current 
and new projects. He has a B.S. in electrical engineering from 
Merrimack College. 

JMottiieW YOling is a senior software systems engi- 
neer and project manager for SAIC in Tucson, Ariz. Having 
served in roles ranging from software development through 
project management, he has acquired the battle scars that go 
with life in the trenches of software and systems development. 

Armed with a B.S. in computer science and engineering 
from Bucknell University and an M.S. in systems engineer- 
ing from Johns Hopkins, Mr. Young has spent most of his 
career as a defense contractor, working on such projects as 
Differential GPS, Force Structure Modeling and Simulation, 
and other large-scale system efforts. 

Always driving teams toward solid engineering principles 
and realistic planning, Mr. Young continues to lead efforts to 
move software engineering away from magic and sorcery and 
into a true engineering discipline. Mr. Young is the author of 
numerous white papers on system/software testing and is co- 
author of "Java Testing Patterns" (Wiley, 2005). 




Hotel and Travel 

Information 



Hotel 

Convenient to Grand Central Terminal, JFK, Newark International 
and LaGuardia airports, and many other New York City attrac- 
tions and businesses, The Roosevelt Hotel's ideal New York City 
location is a dream come true. Nestled among the Empire State 
Building, 5th Avenue shopping and the world-famous shows on 
Broadway, guests are only steps away from the action found with- 
in the heart of the city that never sleeps. 
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The Roosevelt Hotel 

Madison Ave. at 45th St. 
New York, NY 10017 




Reservations 

Expo Travel, the official travel agency for the Software Test & 
Performance Conference, is pleased to offer exhibitors and 
attendees substantial hotel savings at the host hotel. 
Book rooms early to insure discounted rates. 

The special conference rates are US$249 for either a single or double room. These 
rates are per room, per night, do not reflect taxes, and are exclusive through Expo 
Travel. Rates are in effect until approximately 30 days prior to the event (providing 
rooms are available), after which time Expo Travel will continue to accept reserva- 
tions at the prevailing rates, subject to their availability. 
Do not contact the hotel directly, as higher rates will apply and Expo Travel cannot 
apply rate adjustments to reservations booked direct. A credit card is required to con- 
firm a reservation. 

To make a hotel reservation: 

• By phone: Call +1-201-655-7225. Hours are Mon.-Fri., 9 a.m. to 
5 p.m., Eastern time. 

• By fax: Fill out the attached form and fax to +1-201-226-1236. 
Form must include credit card number and expiration date. 

• Online: Go to www.expotravel.com, and click on "RESERVE" 
next to the Software Test & Performance logo. 

If you experience difficulty booking online, call +1-201-655-7225, 
Mon.-Fri., 9 a.m. to 5 p.m., Eastern time. 

Internet access: 

The Roosevelt Hotel offers WiFi Internet access in public 
areas. In-room high-speed Internet access is available 
at an additional charge. 
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MONDAY 
October 31 

REGISTRATION OPEN 
4:00 p.m. -7:00 p.m. 






TUESDAY 

November 1 

REGISTRATION OPEN 
8:00 a.m. -7:00 p.m. 






WEDNESDAY 

November 2 

REGISTRATION OPEN 7:30 a.m. - 7:00 p.m. 



TUTORIALS 



9:00 a.m. -5:00 p.m. 



T-1 



T-2 



T-3 



T-4 



T-5 



T-6 



Delivering Test 
Automation 
Success Through 
People, Methods & 
Tools - Buwalda 



Twenty-One Ways to 
Spot— and Fix- 
Requirements Errors 
Early - Goldsmith 



Testing Quasi-Agile 
Projects: Practical 
Strategies for 
Today's Iterative 
Development 
Environment - 
Korson 



Testing Techniques: 
Theory and 
Application - 
Rollison 



Using Metrics to 
Improve Software 
Testing - Sorkowitz 



Hands-on Testing 
Patterns: Best 
Practices From the 
Trenches - Young 
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KEYNOTES: MIKE MILINKOVICH 8:15 a.m. - 9:00 a.m. 



MARTIN FOWLER 



EXHIBITS OPEN 3:00 p.m. - 7:30 p.m. 



ATTENDEE RECEPTION 



TECHNICAL CLASSES 



9:15 a.m. -10:45 a.m. 



101 



102 



103 



104 



105 



106 



107 



Fundamental Rules 
of Security Testing - 
Dustin 



Putting the User 
Back in User 
Acceptance Testing 
- Goldsmith 



How to Optimize 
Your Web Testing 
Strategy - Nguyen 



Performance Tuning 
ASPNET 
Applications - 
O'Mara 



How to Turn Your 
Testing Team Into a 
High-Performance 
Organization - 
Hackett 



Creating Your Own 
Test Automation 
Tool - Valorose 



Better Web Stress 
Testing - Sabourin 



11:00 a.m. -12:30 p.m. 



201 



202 



203 



204 



205 



206 



207 



Pinpointing and 
Exploiting Specific 
Performance 
Bottlenecks - Barber 



Software Endgames: 
How to Finish What 
You've Started - 
Galen 



Seven Low-Overhead 
Software Process 
Improvement 
Methods - 
Goldsmith 



Learning From 
Failures Before They 
Happen: Failure 
Analysis Techniques 
for Software 
Engineering -Young 



Integrating the 
Testing Team Into 
the Software 
Development Life 
Cycle - Dustin 



Database Security: 
How Vulnerable Is 
Your Data? - 
Sweeney 



Load Generation in 
Complex 
Environments - 
Podelko 



1:30 p.m. -3:00 p.m. 



301 



302 



303 



304 



305 



306 



307 



Just-in-Time Testing 
Techniques and 
Tactics, Part 1 - 
Sabourin 



Overcoming 
Requirements-Based 
Testing's Hidden 
Pitfalls - Goldsmith 



Web Performance 
Testing: Lessons 
Learned - Nguyen 



Lessons Learned in 
Test Automation, 
Part 1 - Dustin 



Metrics: How to Track 
Things That Matter - 
Chaney 



Verifying Software 
Robustness - Collard 



Recruiting, Hiring, 
Motivating and 
Retaining Top Testing 
Talent - Feldstein 
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THURSDAY 

November 3 

REGISTRATION OPEN 7:30 a.m. - 4:00 p.m. 






5:15 p.m. -6:00 p.m. 



KEYNOTE: ADAM KOLAWA 8:15 a.m. - 9:00 a.m. 



6:00 p.m. -7:30 p.m. 



EXHIBITS OPEN 12:00 p.m. - 4:00 p.m. 



ATTENDEE LUNCHEON 12:30 p.m. - 2:00 p.m. 



TECHNICAL CLASSES 



3:30 p.m. -5:00 p.m. 



9:15 a.m. -10:45 a.m. 



11:00 a.m. -12:30 p.m. 



2:00 p.m. -3:30 p.m. 



4:00 p.m. -5:30 p.m. 



401 



Just-in-Time Testing 
Techniques and 
Tactics, Part 2 - 
Sabourin 



501 



Seven Steps to 
Building a Better 
Bug Workflow 
System - Sabourin 



601 



Designing and 
Utilizing Test 
Matrices - Price 



701 



Unit Testing for Agile 
Development, Part 1 
- Sabourin 



801 



Unit Testing for 
Agile Development, 
Part 2 - Sabourin 



402 



Building 
Collaborative 
Performance Testing 
and Tuning Teams - 
Barber 



502 



Rapid Business- 
Driven Testing - 
Chaney 



602 



Managing Culture 
Shock: A Journey to 
Organizational 
Change - Chaney 



702 



Performance Testing 
for Managers - 
Barber 



802 



Differential Testing: 
A Cost-Effective 
Automated Test 
Approach for 
Large, Complex 
Systems - Hower 



403 



Making the ROI 
Business Case for 
Testing Techniques ■ 
Goldsmith 



503 



Strategies and 
Tactics for Global 
Test Automation, 
Part 1 - Nguyen 



603 



Strategies and 
Tactics for Global 
Test Automation, 
Part 2 - Nguyen 



703 



Measuring JUnit 
Code Coverage - 
Harold 



803 



Accelerate Testing 
Cycles with 
Collaborative 
Performance 
Testing - Cavallaro 



404 



Lessons Learned in 
Test Automation, 
Part 2 - Dustin 



504 



Testing Tools 
Inside Eclipse ■ 
Toomey 



604 



Effective Load 
Testing - Podelko 



704 



Developing An 
Effective 

Performance Testing 
Strategy - Collard 



804 



Planning and 
Managing a Beta 
Test Program - 
Price 



405 



Using Scrum to 
Manage the Testing 
Effort - Galen 



505 



Testing XML ■ 
Harold 



605 



Using Code Metrics 
for Targeted Code 
Refactoring - Glover 



705 



Testing Financial 
Software Systems ■ 
Berger 



805 



Worst Testing 
Practices: How to 
Fail at Testing 
Without Even 
Trying - Young 



406 



Exploiting Web 
Application Code: 
The Methodologies 
and Automation of 
SQL Injection - 
Fisher 



506 



Performance 
Management 
Throughout the 
Application Life 
Cycle - Bodkin 



606 



Automated Database 
Testing: Testing and 
Using Stored 
Procedures - 
Sweeney 



706 



A Manager's Guide 
to GUI Test 
Automation - 
Makedonov 



806 



Profiling a J2EE 
Application Using 
the Eclipse Test 
and Performance 
Tools Platform - 
Adamo 



407 



Failure Modes: 
Understanding 
Common Failures in 
Application 
Performance - 
Bodkin 



507 



Avoiding the Finger 
of Blame: Bringing 
Development and 
Testing Together 
With the Business 
Side - Carty 



607 



Model-Based Testing 
for Java and Web- 
based GUI 
Applications - 
Feldstein 



707 



Developing Web 
Security Testing 
Expertise in Your 
Organization - 
Nguyen 



807 



Coding Standards 
and Unit Testing- 
Why Bother? - 
Lambert 






Pricing and 

Registration 



eXtreme Early Bird Super Early Bird Early Bird Full Price 

By Aug. 5 By Sept. 9 By Oct. 5 After Oct. 5 



Full Event Passport: 
Technical Conference 
and Tutorials 
November 1-3 



$895 
Best Value 



$995 



$1,195 



$1 ,350 



Two-Day Technical 
Conference Only 
November 2-3 


$795 


$895 


$1 ,045 


$1,180 


Tutorials Only 
November 1 


$530 


$575 


$625 


$695 



Exhibits Only 
November 2-3 



FREE 



FREE 



FREE $50 

All prices are in US dollars 



How to Register 

REGISTER ONLINE. Register online at www.stpcon.com 
and use one of the following payment methods: 

CREDIT CARD. You can use the secure online form to pay 
via credit card and get immediate confirmation of your 
classes. MasterCard, Visa and American Express are accept- 
ed cards. You'll receive a REGISTRATION RECORD and 
RECEIPT. Please print out these pages and bring them with 
you to the conference. Present them at the Registration Desk 
to pick up your badge and any course materials. 

CHECK OR P.O. Fill out the online registration form. Print 
out the REGISTRATION RECORD and RECEIPT and mail to 
BZ Media LLC, 7 High Street, Suite 407, Huntington, NY 
11743 with your payment. Online registrations that are 
mailed without payment will not be confirmed until pay- 
ment is received. 

GROUP DISCOUNTS. Registering four or more attendees 
from your company? You can receive a $100 discount off the 
Full Event Passport, or $50 off Tutorials or Technical 
Conference Only, on each registration. Enter the word GROUP 
when asked for a code on our online registration form. 



REFUND POLICY. You can receive a full refund, less a $50 
registration fee, for cancellations made by October 1, 2005. 
Cancellations after this date are non-refundable. Send your 
cancellation in writing to registration@bzmedia.com. 

Paid Conference/Tutorial Registration Includes! 

• Admission to tutorials and/or technical classes. 
Please make your class selections when registering. 

• Admission to keynotes 

• Admission to exhibits 

• Conference materials 

• Attendee reception Wednesday night 

• Continental breakfast, coffee breaks 

• Lunch on Thursday 

Exhibits-Only Registration Includes: 

• Admission to keynotes 

• Admission to exhibits 

• Attendee reception Wednesday night 

Registration Questions 

Contact Donna Esposito at +1-415-785-3419, or e-mail at 
desposito@bzmedia.com. 
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